Active Directory authenticated VPN
Alan DeKok
aland at deployingradius.com
Tue May 4 13:00:38 CEST 2021
On May 4, 2021, at 5:36 AM, Pisch Tamás <pischta at gmail.com> wrote:
> Thanks, the authentication works now.
That's good.
> membership_attribute = 'memberOf=CN=vpnusers,CN=Users,${base_dn})'
> Then the freeradius server says:
> rlm_ldap (ldap): Connecting to ldap://localhost:389
> TLS: can't connect: (unknown error code).
> rlm_ldap (ldap): Could not start TLS: Connect error
Is the port even open? Does the LDAP server accept TLS connections? Does ldapsearch work? Does ldapsearch work with TLS?
You can't just give up and go "there's an error, I don't know what else to do". You have to track down the source of the error. Find each piece of the problem, and test it individually. It's the only way to track down these kinds of issues.
Are you running a version of CentOS or RedHat with broken LDAP libraries?
See http://packages.networkradius.com for more information.
> I ran certs/bootstrap
> In radiusd.conf:
Those certs are for use with EAP, not with LDAP. Ignore them.
Alan DeKok.
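
The piece-by-piece checks asked about in the reply above (is the port open, does the server accept StartTLS, does the TLS handshake complete), as an added example that is not part of the original message and is not FreeRADIUS code. The names `probe_ldap_starttls`, `parse_result_code` and the `ca_file` parameter are hypothetical, and the parser assumes short-form BER lengths.

```python
import socket
import ssl

# LDAPMessage{messageID=1, ExtendedRequest{requestName=StartTLS OID}} in BER
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"
STARTTLS_REQ = bytes([0x30, 0x1D, 0x02, 0x01, 0x01, 0x77, 0x18, 0x80, 0x16]) + STARTTLS_OID


def parse_result_code(resp):
    """Return resultCode from an ExtendedResponse, or None if it is not one.

    Assumption: short-form BER lengths (reply shorter than 128 bytes).
    """
    if len(resp) < 4 or resp[0] != 0x30 or resp[2] != 0x02:
        return None
    op = 4 + resp[3]  # skip SEQUENCE header and the messageID INTEGER
    if len(resp) < op + 5 or resp[op] != 0x78 or resp[op + 2] != 0x0A:
        return None
    return resp[op + 4]


def probe_ldap_starttls(host, port, ca_file=None, timeout=5.0):
    """Return (stage, detail): stage is 'tcp', 'starttls', 'tls' or 'ok'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp", str(exc)  # port closed or filtered
    with sock:
        try:
            sock.sendall(STARTTLS_REQ)
            rc = parse_result_code(sock.recv(4096))
        except OSError as exc:
            return "starttls", str(exc)
        if rc != 0:  # 0 = success; anything else means the server refused
            return "starttls", f"resultCode={rc}"
        ctx = ssl.create_default_context(cafile=ca_file)
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "ok", tls.version()
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            return "tls", str(exc)


if __name__ == "__main__":
    # Same endpoint as in the rlm_ldap log lines quoted above
    print(probe_ldap_starttls("localhost", 389))
```

A `tcp` result means the port is not reachable, `starttls` means the server answered but refused or did not understand the StartTLS request, and `tls` means the handshake or certificate verification failed; pass the LDAP server's CA file as `ca_file` to test verification against it.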