L.P.H. van Belle via Freeradius-Users <freeradius-users@lists.freeradius.org> ezt írta (időpont: 2021. máj. 6., Cs, 10:37):
...
-----Oorspronkelijk bericht----- Van: Freeradius-Users And ldapsearch works now: ldapsearch -h 127.0.0.1 -D "cn=Administrator,cn=Users,dc=ad,dc=ourdomain,dc=hu" -W -b "dc=ad,dc=ourdomain,dc=hu" -s sub -x -ZZ -LLL "(cn=Administrator)" So, in ldap.conf I commented the sasl parameters, and enabled start_tls.I still need in the ldap module: identity = 'cn=Administrator,cn=Users,dc=ad,dc=ourdomain,dc=hu' password = '...' freeradius starts, but when I try radtest -x -t mschap vpn@ad.ourdomain.hu "..." localhost 0 pwd in the freeradius debug output I see: Error: rlm_ldap (ldap): Bind with cn=Administrator,cn=Users,dc=ad,dc=ourdomain,dc=hu to ldap://localhost:389 failed: Strong(er) authentication required Error: rlm_ldap (ldap): Server said: BindSimple: Transport encryption required..
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Di...
I bet you forgot.. (in smb.con) ntlm auth = mschapv2-and-ntlmv2-only Needed in AD-DC's and the member running radius.
No, I've already set it. Thanks, Tamás.