default authentication via Windows Active Directory LDAP instead of /users

 Konstantin Knaab-Hinrichs paradonym at googlemail.com
Tue Mar 7 16:47:21 CET 2017


> nothing better than random 3rd party web sites - why not the official
> FreeRADIUS documentation/wiki and deployment guide?

Each HowTo is different from the others. Some seem to be referring to
OpenLDAP only, calling it LDAP. I thought I could use only LDAP instead of
a full integration into Active Directory like here:
http://wiki.freeradius.org/guide/freeradius-active-directory-integration-howto

> what is the output?


> root@$HOSTNAME:/etc/freeradius# systemctl status freeradius
> ● freeradius.service - LSB: Radius Daemon
>    Loaded: loaded (/etc/init.d/freeradius)
>    Active: failed (Result: exit-code) since Di 2017-03-07 08:22:39 CET; 8h ago
>   Process: 20259 ExecStop=/etc/init.d/freeradius stop (code=exited, status=0/SUCCESS)
>   Process: 9112 ExecReload=/etc/init.d/freeradius reload (code=exited, status=0/SUCCESS)
>   Process: 20324 ExecStart=/etc/init.d/freeradius start (code=exited, status=1/FAILURE)
>
> Mär 07 08:22:14 DGHB-FreeRADIUS systemd[1]: Starting LSB: Radius Daemon...
> Mär 07 08:22:39 DGHB-FreeRADIUS freeradius[20324]: Starting FreeRADIUS daemo...
> Mär 07 08:22:39 DGHB-FreeRADIUS systemd[1]: freeradius.service: control pro...1
> Mär 07 08:22:39 DGHB-FreeRADIUS systemd[1]: Failed to start LSB: Radius Daemon.
> Mär 07 08:22:39 DGHB-FreeRADIUS systemd[1]: Unit freeradius.service entered....
> Hint: Some lines were ellipsized, use -l to show in full.
>
> root@$HOSTNAME:/etc/freeradius# systemctl start freeradius
> root@$HOSTNAME:/etc/freeradius# systemctl status freeradius
> ● freeradius.service - LSB: Radius Daemon
>    Loaded: loaded (/etc/init.d/freeradius)
>    Active: active (running) since Di 2017-03-07 16:36:01 CET; 3s ago
>   Process: 20259 ExecStop=/etc/init.d/freeradius stop (code=exited, status=0/SUCCESS)
>   Process: 9112 ExecReload=/etc/init.d/freeradius reload (code=exited, status=0/SUCCESS)
>   Process: 25550 ExecStart=/etc/init.d/freeradius start (code=exited, status=0/SUCCESS)
>    CGroup: /system.slice/freeradius.service
>            └─25553 /usr/sbin/freeradius
>
> Mär 07 16:36:01 DGHB-FreeRADIUS systemd[1]: Starting LSB: Radius Daemon...
> Mär 07 16:36:01 DGHB-FreeRADIUS freeradius[25550]: Starting FreeRADIUS daemo...
> Mär 07 16:36:01 DGHB-FreeRADIUS systemd[1]: Started LSB: Radius Daemon.
> Hint: Some lines were ellipsized, use -l to show in full.
>
> root@$HOSTNAME:/etc/freeradius#

Runs now, seems to have been a config file error.

> query for authorization ...and then authenticate?  yes, that's the default
> behaviour.

So a configured LDAP in modules/ldap will always be queried first? Or does
it depend on the placement of "DEFAULT Ldap-Group == " in the users file?
It can also be the firewall here, which I have to figure out.
"radtest USERNAME PASSWORD localhost 0 testing123" still results in an
Access-Reject.


Konstantin

