On Feb 22, 2021, at 5:11 PM, Tyler Montney <montneytyler@gmail.com> wrote:
I've made the configuration changes outlined How to Install and Configure Freeradius With Active Directory Allow Allow Specific Group of Users to Authenticate in Debian 10 - My Blog - For Fun (stevedong.com) <https://blog.stevedong.com/post/how-to-install-and-configure-freeradius-with-active-directory-allow-allow-specific-group-of-users-to-authenticate-in-debian-10/#install-freeradius>
Yeah... FreeRADIUS has a Wiki with AD instructions, and I have my deployingradius.com site with documentation on getting FR and AD to work. But instead of using that, there's some random third-party web site
starting at "Grant Permission" and ending at "Configure freeradius-ldap Auth with AD" with testing with radtest. radtest -t mschap <user> <password> localhost 0 testing123 fails ('The attempted logon is invalid. This is either due to a bad username or authentication information. (0xc000006d)') but radtest <domain_accout> <password> localhost 0 testing123 succeeds.
If only there was some kind of debug output you could read to figure out what the server was doing. If only there was a ton of documentation which told you to use that debug output. I guess it's a mystery. You're making this difficult. You're doing everything *other* than what the documentation says. This is just not necessary. Alan DeKok.