On Dec 13, 2017, at 2:21 PM, Carlos Bordon <cgermanb@live.com.ar> wrote:
the cokmplete debug, thanks
Again... please follow instructions. "radiusd -X", not "radiusd -Xx" or anything else. ... including configuration file /etc/raddb/mods-enabled/ldap And then: ldap { ... options { ldap_debug = 40 chase_referrals = yes rebind = yes net_timeout = 1 So that's good. And then: ERROR: (0) ldap: Failed performing search: Please set 'chase_referrals=yes' and 'rebind=yes'. See the ldap module configuration for details. I'll push a fix for 3.0.16 that doesn't complain if you've already set that. I can see why that's confusing. ERROR: (0) ldap: Server said: 00002020: Operation unavailable without authentication. So that should be instructive. Looking at the LDAP module configuration in /etc/raddb/mods-enabled/ldap, we see: # Administrator account for searching and possibly modifying. # If using SASL + KRB5 these should be commented out. # identity = 'cn=admin,dc=example,dc=org' # password = bypass So you should set that. Your AD server is configured to disallow anonymous binds. It requires a username / password. Alan DeKok.