unknown CA when trying to authenticate

Alan DeKok aland at deployingradius.com
Mon Feb 22 23:33:09 CET 2021



> On Feb 22, 2021, at 5:11 PM, Tyler Montney <montneytyler at gmail.com> wrote:
> 
> I've made the configuration changes outlined How to Install and Configure
> Freeradius With Active Directory Allow Allow Specific Group of Users to
> Authenticate in Debian 10 - My Blog - For Fun (stevedong.com)
> <https://blog.stevedong.com/post/how-to-install-and-configure-freeradius-with-active-directory-allow-allow-specific-group-of-users-to-authenticate-in-debian-10/#install-freeradius>

  Yeah... FreeRADIUS has a Wiki with AD instructions, and I have my deployingradius.com site with documentation on getting FR and AD to work.  But instead of using that, there's some random third-party web site

> starting
> at "Grant Permission" and ending at "Configure freeradius-ldap Auth with
> AD" with testing with radtest. radtest -t mschap <user> <password>
> localhost 0 testing123 fails ('The attempted logon is invalid. This is
> either due to a bad username or authentication information. (0xc000006d)')
> but radtest <domain_accout> <password> localhost 0 testing123 succeeds.

  If only there was some kind of debug output you could read to figure out what the server was doing.  If only there was a ton of documentation which told you to use that debug output.

  I guess it's a mystery.

  You're making this difficult.  You're doing everything *other* than what the documentation says.  This is just not necessary.

  Alan DeKok.




More information about the Freeradius-Users mailing list