Thanks Mathew, The error is now resolved. For Windows Active Directory LDAP the identity should be as below. identity = "ldapuser@mycompany.com" On Thu, Nov 17, 2016 at 7:49 PM, Matthew Newton <mcn4@leicester.ac.uk> wrote:
On Thu, Nov 17, 2016 at 06:56:48PM +0800, Albert K wrote:
I am stuck with the Ldap module and need help. I can login with the user account ldapuser to the AD and the password is all correct.
The error I get from starting radiusd -X (freeradius version 3.0.11)
rlm_ldap (ldap): Connecting to ldap://ad.mycompany.com:50000
That's a weird port, but... OK.
rlm_ldap (ldap):Waiting for bind result.... rlm_ldap (ldap):Bind credentials incorrect: Invalid credentials
Seems simple enough. LDAP username or password is wrong.
rlm_ldap (ldap):Server Said: 8009030C: LdapErr: DISD-0C0903C5, comment: AcceptSecurityContext Error data 2030, v2580 rlm_ldap (ldap):Opening connection failed (0) rlm_ldap (ldap): Removing connection pool
server ='ad.mycompay.com' port = 50000 identity = 'cn=ldapuser,cn=users,dc=mycompany,dc=com' password = 12345678 base_dn = 'dc=mycompany.dc=com' .....
Do those credentials work when passed to the ldapsearch utility?
It's AD; maybe identity = "ldapuser@mycompany.com"?
Matthew
-- Matthew Newton, Ph.D. <mcn4@leicester.ac.uk>
Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html