LDAP + Active Directory Authentication Issue

Alan DeKok aland at deployingradius.com
Thu Dec 12 20:09:17 CET 2013


Luke Ramsden wrote:
> Hi, I am trying to authenticate users against Active Directory using
> LDAP. I can perform the initial bind using an ldap bind account. I can
> then successfully find the Distinguished Name in Active Directory given
> a domain user's username. I would now like to re-bind using that
> Distinguished Name in order to authenticate the password they supplied
> as described in point 4 here: 

  The LDAP module already does all of that for you.  You don't need to
do any extra work.

> The problem I am having is my server errors out with 'No Auth-Type
> found' come authentication time. I added 'set_auth_type = yes' to
> mods-available/ldap but it seems to have had no effect.

  If you're trying to use an EAP method, this *will not* work.  Ever.
Active Directory works hard to make this impossible.

  I also suggest posting the *full* debug log.  Posting part of it means
you may be missing information.  Such as the contents of the RADIUS
packet which the server receives.

  If you're an expert, it's OK to edit the debug output, because you
know what's unimportant.  If you're not an expert, you shouldn't edit
the debug output, because you're probably going to edit out important
information.

  Alan DeKok.

