default authentication via windows active directory LDAP instead of /users
Konstantin Knaab-Hinrichs
paradonym at googlemail.com
Tue Mar 7 16:12:33 CET 2017
Hi,
I sucessfully set up a Debian 8 Server with FreeRadius and radtest can
successfully authenticate users with cleartext passwords written into
/users.
I followed https://ttboa.wordpress.com/2014/09/26/freeradius-on-debian-7/ up
to "Basic Authentication" and configured radiusd.conf following this - but
without user credentials for the LDAP as the server accepts anonymous
queries.
https://www.clearos.com/resources/documentation/clearos/
content:en_us:kb_howtos_setting_up_radius_to_use_ldap
However radtest still rejects valid LDAP credentials.
users contains:
"DEFAULT Ldap-Group == "dc=DOMAIN,dc=TLD"
to accept the whole LDAP.
the basedn entry and the servers IP in modules/ldap have also been
customized and the LDAP server replies to a ping.
Freeradius currently runs via "radiusd -X" as the service seems not yet
ready.
Is it possible to first query the LDAP and then secondly ask /users for
credentials?
Yours,
Konstantin
More information about the Freeradius-Users
mailing list