A.L.M.Buxey@lboro.ac.uk wrote:
if thats the view then the wording on freeradius.org needs to change - anyone who reads 'stable' and has eg ITIL framework etc will go for that release (2.2.x) and not the 'latest/feature' release.
We will continue to support v2.2.x for a few years. It's OK for people to use it.
..as I said..if he's done all that he's been told to do then its likely to be a bug/issue - in this case he hadnt done all he'd been told/instructed to do ;-)
People should avoid "Auth-Type = ldap". The ONLY reason to use it is for Active Directory, when the request has User-Password. For all other LDAP directories, FreeRADIUS should just grab the password from LDAP, and do the authentication itself.
I'd submitted a config change via github to make all this much easier for admins to see - which appears to have been rejected. which is a pity - as if you are now changing how the server/module works and dont put the relevant parts that people need into place then it becomes harder for the server to be configured correctly for purpose (and lets face it, for a lot of people this server is hard to configure anyway) - especially relating to this LDAP change in behaviour - other modules/configs have the required unlang present next to them to uncomment/use...just a few lines of code to stop many many similar queries about 3.x and LDAP ? think of the users.
The default configuration should work for nearly all LDAP servers. For Active Directory, they should probably be using ntlm_auth, which is also documented. Alan DeKok.