default authentication via windows active directory LDAP instead of /users

 Konstantin Knaab-Hinrichs paradonym at googlemail.com
Tue Mar 7 16:12:33 CET 2017


Hi,

I successfully set up a Debian 8 Server with FreeRadius and radtest can
successfully authenticate users with cleartext passwords written into
/users.
I followed https://ttboa.wordpress.com/2014/09/26/freeradius-on-debian-7/ up
to "Basic Authentication" and configured radiusd.conf following this - but
without user credentials for the LDAP as the server accepts anonymous
queries.
https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_howtos_setting_up_radius_to_use_ldap

However radtest still rejects valid LDAP credentials.

users contains:
"DEFAULT Ldap-Group == "dc=DOMAIN,dc=TLD"
to accept the whole LDAP.

The basedn entry and the server's IP in modules/ldap have also been
customized and the LDAP server replies to a ping.

Freeradius currently runs via "radiusd -X" as the service seems not yet
ready.

Is it possible to first query the LDAP and then secondly ask /users for
credentials?

Yours,
Konstantin

