the fact that binding AD with credentials give in ldap conf is succesful, does that not mean that radius and AD are already seeing each other. this is my ldap conf: # for the behavioral semantics of specifying more than one host. server = "10.0.43.1" # Port to connect on, defaults to 389. Setting this to 636 will enable # LDAPS if start_tls (see below) is not able to be used. port = 389 # Administrator account for searching and possibly modifying. identity = "cn=ldapradius1,ou=Admins,dc=xxxx,dc=xxx" password = xxxxx # Unless overridden in another section, the dn from which all # searches will start from. base_dn = "dc=xxxx,dc=xxx" everything else is set as default Thank you On Thu, Aug 25, 2016 at 11:07 AM, Alan DeKok <aland@deployingradius.com> wrote:
On Aug 25, 2016, at 10:07 AM, Roberto Rios <rrios@chattanooga.gov> wrote:
Please *read* the debug log. All of it.
...
rlm_ldap (ldap): Waiting for bind result... rlm_ldap (ldap): Bind successful rlm_ldap (ldap): Bind successful rlm_ldap (ldap): Bind successful (0) ldap : Search returned no results
That should be easy enough to understand.
Right now I am trying to have a working instance of radius with ldap auth, but , yes I will be using PEAP for wireless authentication.
Ensure that the user is in LDAP. Ensure that the LDAP module configuration in FreeRADIUS is correct.
The server prints out the LDAP search strings it's using for a reason. Please *read them*, and see if they make sense to you.
If you're using Active Directory, use ntlm_auth to authenticate users. See http://deployingradius.com/documents/configuration/ active_directory.html
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html