default authentication via windows active directory LDAP instead of /users
Stefan.Paetow at jisc.ac.uk
Wed Mar 8 17:49:47 CET 2017
> wiki links to this article) states that eap.conf (/freeradius/eap.conf in
> my case) that nothing has to be changed in eap.conf if you use Microsoft
And you shouldn't have to either. When you read such pages, consider that those pages were written for *that specific company*, *NOT* as a general reference for others. The page in question specifically says that it is for the 'bind-as-user' case in FreeRADIUS 3.0 (in which the LDAP module connects as the given user with the given password and considers that a successful authentication), but that this is limited to using EAP-TTLS with PAP.
If you are not using FreeRADIUS 3.0, then chances are that you would get the failures you described.
The page also comes with a big fat warning that says that changes in the LDAP module may render the advice inaccurate.
I should know... I wrote that page in 2014 when I had to consider using bind-as-user as a method of authentication.
Moonshot Industry & Research Liaison Coordinator
t: +44 (0)1235 822 125
xmpp: stefanp at jabber.dev.ja.net
Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 496 bytes
Desc: Message signed with OpenPGP
More information about the Freeradius-Users