winbindd_priv dont exist
aland at deployingradius.com
Wed Dec 13 20:55:28 CET 2017
On Dec 13, 2017, at 2:21 PM, Carlos Bordon <cgermanb at live.com.ar> wrote:
> the cokmplete debug, thanks
Again... please follow instructions. "radiusd -X", not "radiusd -Xx" or anything else.
including configuration file /etc/raddb/mods-enabled/ldap
ldap_debug = 40
chase_referrals = yes
rebind = yes
net_timeout = 1
So that's good.
ERROR: (0) ldap: Failed performing search: Please set 'chase_referrals=yes' and 'rebind=yes'. See the ldap module configuration for details.
I'll push a fix for 3.0.16 that doesn't complain if you've already set that. I can see why that's confusing.
ERROR: (0) ldap: Server said: 00002020: Operation unavailable without authentication.
So that should be instructive. Looking at the LDAP module configuration in /etc/raddb/mods-enabled/ldap, we see:
# Administrator account for searching and possibly modifying.
# If using SASL + KRB5 these should be commented out.
# identity = 'cn=admin,dc=example,dc=org'
# password = bypass
So you should set that.
Your AD server is configured to disallow anonymous binds. It requires a username / password.
More information about the Freeradius-Users