unknown CA when trying to authenticate
Alan DeKok
aland at deployingradius.com
Mon Feb 22 23:33:09 CET 2021
> On Feb 22, 2021, at 5:11 PM, Tyler Montney <montneytyler at gmail.com> wrote:
>
> I've made the configuration changes outlined How to Install and Configure
> Freeradius With Active Directory Allow Allow Specific Group of Users to
> Authenticate in Debian 10 - My Blog - For Fun (stevedong.com)
> <https://blog.stevedong.com/post/how-to-install-and-configure-freeradius-with-active-directory-allow-allow-specific-group-of-users-to-authenticate-in-debian-10/#install-freeradius>
Yeah... FreeRADIUS has a Wiki with AD instructions, and I have my deployingradius.com site with documentation on getting FR and AD to work. But instead of using that, there's some random third-party web site
> starting
> at "Grant Permission" and ending at "Configure freeradius-ldap Auth with
> AD" with testing with radtest. radtest -t mschap <user> <password>
> localhost 0 testing123 fails ('The attempted logon is invalid. This is
> either due to a bad username or authentication information. (0xc000006d)')
> but radtest <domain_accout> <password> localhost 0 testing123 succeeds.
If only there was some kind of debug output you could read to figure out what the server was doing. If only there was a ton of documentation which told you to use that debug output.
I guess it's a mystery.
You're making this difficult. You're doing everything *other* than what the documentation says. This is just not necessary.
Alan DeKok.
More information about the Freeradius-Users
mailing list