EAP-TLS and LDAP with Windows Server 2012R2 Native Functional Level
Phil Mayers
p.mayers at imperial.ac.uk
Fri Oct 21 13:36:34 CEST 2016
On 20/10/16 22:40, TJ2718 via Freeradius-Users wrote:
> Originally I was using CentOS 7 with Samba 4.2.10 and FreeRadius 3.0.4 on a Windows network that was on Server 2003 and Forest Functional Level.
> We were using certificate-based authentication for tablets and username and password for certain users.
> We upgraded the functional level to 2012R2 Native and it broke everything.
It's probably LDAP.
> post-auth {
>
>
> # if (Ldap-Group == "WiFi") {
> # noop
> # }
>
So you've commented out the Ldap-Group check and it works. My guess is
that the AD functional upgrade has changed the schema or LDAP
permissions and your group query is failing now.
> and watching the radiusd -X debug.
As Alan says - you need to post a debug of a *failing* case. Better yet,
look carefully at the debug before posting it - the failure will
probably be obvious.
If not, post the full debug of a failure.
Cheers,
Phil