Freeradius 3 - eDirectory Problem

Matthew Newton mcn4 at
Tue May 17 16:21:27 CEST 2016

On Tue, May 17, 2016 at 03:20:12PM +0200, Bebbet van Dinges wrote:
> I'm trying to authorize/authenticate my wifi users against edirectory
> with Freeradius3, which doesn't work. It worked with this configuration
> in 2.2, but doesn't seem to provide the required result anymore.

> /usr/loca/pf/raddb/modules-enabled/ldap:

This is a v2 config. You need to edit the default v3 config and
move the options over rather than just copy the v2 config in
place. Many things have changed.

>         ldap openldap {
>                 server = ""
>                 port = 636
>                 identity = "cn=admin,o=desaad"
>                 password = "You wish.."
>                 basedn = "o=desaad"

now base_dn, hence you're searching base ""

>         #       filter = "(cn=%{mschap:User-Name})"
>         filter
> ="(&(objectClass=inetOrgPerson)(uid=%{Stripped-User-Name:-%{User-Name}}))"

now goes in the user {} subsection.

Don't bother trying to update the config for v3, it will be more
work than just configuring the default v3 config with your own


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list