default authentication via Windows Active Directory LDAP instead of /users

 Konstantin Knaab-Hinrichs paradonym at
Wed Mar 8 16:38:14 CET 2017

To solve this I removed the comment from

         chase_referrals = yes
         rebind = yes

in the tls section of /modules/ldap and restarted the service and
freeradius -X.
The warning messages hadn't changed. Everything described in the .conf
files should now be the way it should. somehow describes something
different than the installed .conf files.
wiki links to this article) states that nothing has to be changed in
eap.conf (/freeradius/eap.conf in my case) if you use Microsoft
PEAP - which I think is the case for a Microsoft domain controller.

Editing /sites-available/inner-tunnel (the mods-available alternative
for Debian I think) like the above link states results in
these messages when trying to debug-start freeradius:

> /etc/freeradius/sites-enabled/inner-tunnel[170]: ERROR: Unknown value ldap
> for attribute Auth-Type
> /etc/freeradius/sites-enabled/inner-tunnel[169]: Failed to parse "update"
> subsection.
> /etc/freeradius/sites-enabled/inner-tunnel[48]: Errors parsing authorize
> section.

LDAP connection seems to be possible ([ldap] Bind was successful) and
++[ldap] = fail states that the LDAP didn't reply to the specific question
if $USER is in the database or specifically said it isn't in the db.
