FreeRadius 3.0.11 and Winbind

Albert K alberk at gmail.com
Thu Nov 17 11:56:48 CET 2016


Hi,

I am stuck with the LDAP module and need help.  I can log in with the user
account ldapuser to the AD and the password is all correct.

The error I get from starting radiusd -X   (freeradius version 3.0.11)

rlm_ldap (ldap): Connecting to ldap://ad.mycompany.com:50000
rlm_ldap (ldap):Waiting for bind result....
rlm_ldap (ldap):Bind credentials incorrect: Invalid credentials
rlm_ldap (ldap):Server Said: 8009030C: LdapErr: DISD-0C0903C5, comment:
AcceptSecurityContext Error data 2030, v2580
rlm_ldap (ldap):Opening connection failed (0)
rlm_ldap (ldap): Removing connection pool


raddb/mods-enabled/ldap

ldap {

 server ='ad.mycompay.com'
 port = 50000
 identity = 'cn=ldapuser,cn=users,dc=mycompany,dc=com'
 password = 12345678
 base_dn = 'dc=mycompany.dc=com'
.....

}

}

On Fri, Nov 11, 2016 at 10:10 PM, Albert K <alberk at gmail.com> wrote:

> Hi,
>
> Thank you for the prompt reply.  From the answers that I am getting here,
> it seems that winbind by itself could not do the Authenticate and Authorize
> in one step.  Thanks again for clearing up the issue.
>
> On Fri, Nov 11, 2016 at 10:01 PM, <A.L.M.Buxey at lboro.ac.uk> wrote:
>
>> Hi,
>> > Hi,
>> >
>> > I am doing a setup that has the following criteria. I have set it up as per
>> > the instructions from the freeradius wiki but am stuck with the Dynamic VLAN
>> > part. May I know where I can get further information on Authorization for
>> > VLAN setup?  Thank you for helping.
>>
>> read the docs, configure the server as required.
>>
>> > https://wiki.freeradius.org/guide/Active-Directory-direct-via-winbind
>> >
>> > Existing Setup
>> > 1) Windows 2012R2 Active Directory Server
>> >
>> > Proposed Setup
>> > 1) Unifi AP-Lite with Unifi Controller 5.2.9, FreeRadius 3.0.11, Samba 4.3
>> > 2) WPA-Enterprise with PEAP-MSCHAPv2
>> > 3) Dynamic VLAN Assignment by user group
>>
>> so...HOW are you determining group membership? from the AD? using LDAP?
>> if so, look at eg LDAP-Group info....use unlang to define your check and
>> policy and return required thing.  this can be done in SO many ways - it
>> depends on how you want to engineer it.
>>
>>
>> alan
>>
>
>
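
Added example, not part of the original post and not FreeRADIUS code: a small Python decoder for the "Server Said:" line in the radiusd -X output above, which pulls out the hexadecimal "data" sub-code Active Directory returns on a rejected bind. The sub-code table comes from Microsoft's Win32 error numbers rather than from the post, and the names unwrap, diagnose and AD_BIND_DATA are hypothetical.

```python
import re

# "data" sub-codes are hex Win32 error numbers (from Microsoft's error tables,
# not from the post); 0x2030 = 8240 = ERROR_DS_NO_SUCH_OBJECT.
AD_BIND_DATA = {
    0x525: "user not found",
    0x52E: "invalid credentials (bad password)",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
    0x2030: "no such object: bind DN not found in this directory",
}
SERVER_SAID = re.compile(
    r"Server Said:\s*(?P<sspi>[0-9A-F]{8}):.*?"
    r"AcceptSecurityContext\s+error,?\s*data\s+(?P<data>[0-9A-F]+)", re.IGNORECASE)

def unwrap(lines):
    """Re-attach mail-wrapped continuation lines to their rlm_ldap line."""
    out = []
    for line in (l.strip() for l in lines):
        if not line:
            continue
        if line.startswith("rlm_ldap") or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out

def diagnose(debug_text):
    """Return [(sspi_code, data_code, meaning)] for each rejected bind."""
    found = []
    for line in unwrap(debug_text.splitlines()):
        m = SERVER_SAID.search(line)
        if m:
            data = int(m.group("data"), 16)
            meaning = AD_BIND_DATA.get(data, "unlisted sub-code 0x%x" % data)
            found.append((m.group("sspi").upper(), data, meaning))
    return found

# First two lines are the wrapped message from the post; the last is constructed.
SAMPLE = """rlm_ldap (ldap):Server Said: 8009030C: LdapErr: DISD-0C0903C5, comment:
AcceptSecurityContext Error data 2030, v2580
rlm_ldap (ldap): Server Said: 8009030C: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 52e, v2580"""

if __name__ == "__main__":
    for sspi, data, meaning in diagnose(SAMPLE):
        print("SSPI %s, data 0x%x: %s" % (sspi, data, meaning))
```

For the log in the post this reports sub-code 0x2030, so the thing to check is whether the identity DN exists in the directory answering on that port.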

