To solve this I removed the comment from chase_referrals = yes rebind = yes in the tls section of /modules/ldap and restarted the service and freeradius -X. The warning messages hadn't changed. Everything described in the .conf files should now be the way it should. http://wiki.freeradius.org/modules/Rlm_ldap somehow describes something different than the installed .conf files. http://confluence.diamond.ac.uk/display/PAAUTH/Using+LDAP+as+authentication+... <http://confluence.diamond.ac.uk/display/PAAUTH/Using+LDAP+as+authentication+source> (the wiki links to this article) states that eap.conf (/freeradius/eap.conf in my case) that nothing has to be changed in eap.conf if you use Microsoft PEAP - which I think is the case for a microsoft domain controller. After editing /sites-available/inner-tunnel (the mods-available alternative for debian I think) like the above diamond.ac.uk link states results in these messages when trying to debug-start freeradius
/etc/freeradius/sites-enabled/inner-tunnel[170]: ERROR: Unknown value ldap for attribute Auth-Type /etc/freeradius/sites-enabled/inner-tunnel[169]: Failed to parse "update" subsection. /etc/freeradius/sites-enabled/inner-tunnel[48]: Errors parsing authorize section.
LDAP connection seems to be possible ([ldap] Bind was successful) and ++[ldap] = fail states that the LDAP didn't reply to the specific question if $USER is in the database or specifically said it isn't in the db.