EAP-TLS and LDAP with Windows Server 2012R2 Native Functional Level

Phil Mayers p.mayers at imperial.ac.uk
Fri Oct 21 13:36:34 CEST 2016

On 20/10/16 22:40, TJ2718 via Freeradius-Users wrote:

> Originally I was using CentoOS 7 with Samba 4.2.10 and FreeRadius 3.0.4 on a Windows network that was on Server 2003 and Forest Functional Level.
> We were using certificate base authentications for tablets and username and password for certain users.
> We upgraded the functional level to 2012R2 Native and it broke everything.

It's probably LDAP.

> post-auth {
> #   if (Ldap-Group == "WiFi") {
> #     noop
> #   }

So you've commented out the Ldap-Group check and it works. My guess is 
that the AD functional upgrade has changed the schema or LDAP 
permissions and your group query is failing now.

> and watching the radiusd -X debug.

As Alan says - you need to post a debug of a *failing* case. Better yet, 
look carefully at it the debug before posting it - the failure will 
probably be obvious.

If not, post the full debug of a failure.


More information about the Freeradius-Users mailing list