Active Directory authenticated VPN

Alan DeKok aland at
Tue May 4 13:00:38 CEST 2021

On May 4, 2021, at 5:36 AM, Pisch Tamás <pischta at> wrote:
> Thanks, the authentication works now.

  That's good.

> membership_attribute = 'memberOf=CN=vpnusers,CN=Users,${base_dn})'
> Then the freeradius server says:
> rlm_ldap (ldap): Connecting to ldap://localhost:389
> TLS: can't connect: (unknown error code).
> rlm_ldap (ldap): Could not start TLS: Connect error

  Is the port even open?  Does the LDAP server accept TLS connections?  Does ldapsearch work?  Does ldapsearch work with TLS?

  You can't just give up and go "there's an error, I don't know what else to do".  You have to track down the source of the error.  Find each piece of the problem, and test it individually.  It's the only way to track down these kinds of issues.

  Are you running a version of CentOS or RedHat with broken LDAP libraries?

  See for more information.

> I ran certs/bootstrap
> In radiusd.conf:

  Those certs are for use with EAP, not with LDAP.  Ignore them.

  Alan DeKok.
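The piece-by-piece approach Alan describes (is the port open, does the server accept StartTLS, does the TLS handshake itself succeed) can be scripted so each step reports separately. The probe below is an added example written for this page; it is not code from the thread, from FreeRADIUS or from rlm_ldap. It uses only the Python standard library, hand-encodes the LDAP StartTLS extended request (OID 1.3.6.1.4.1.1466.20037) in BER, and then wraps the socket with a verifying TLS context, so a certificate-chain problem shows up as a distinct failure from a closed port or a server that refuses StartTLS. The default host and port (localhost:389) are taken from the quoted log line; `cafile` and `sample_response` are assumptions of this example.

```python
"""Step-by-step StartTLS probe for an LDAP server (stdlib only, added example).

Order of checks follows the troubleshooting advice in the thread:
  1. TCP connect        -> is the port open at all?
  2. StartTLS request   -> does the LDAP server accept the extended operation?
  3. TLS handshake      -> does the certificate chain verify for this hostname?
Each result is reported separately so the failing piece is obvious.
"""
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation, RFC 4511


def ber_length(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_length(len(payload)) + payload


def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }."""
    ext_req = tlv(0x77, tlv(0x80, STARTTLS_OID))   # 0x77 = APPLICATION 23, constructed
    return tlv(0x30, tlv(0x02, bytes([message_id])) + ext_req)


def read_tlv(buf: bytes, pos: int = 0):
    """Decode one BER element at pos; returns (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                               # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_ldap_result(data: bytes) -> dict:
    """Extract messageID, resultCode, matchedDN and errorMessage from an
    LDAPMessage carrying an ExtendedResponse [APPLICATION 24] (tag 0x78)."""
    tag, msg, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, pos = read_tlv(msg)
    op_tag, op, _ = read_tlv(msg, pos)
    _, code, pos = read_tlv(op)                     # ENUMERATED resultCode
    _, matched, pos = read_tlv(op, pos)             # matchedDN
    _, err, _ = read_tlv(op, pos)                   # errorMessage
    return {
        "message_id": int.from_bytes(mid, "big"),
        "op_tag": op_tag,
        "result_code": int.from_bytes(code, "big"),
        "matched_dn": matched.decode(),
        "error_message": err.decode(errors="replace"),
    }


def sample_response(result_code: int, error_message: bytes = b"", message_id: int = 1) -> bytes:
    """Constructed ExtendedResponse bytes, used only to exercise the parser offline."""
    result = tlv(0x0A, bytes([result_code])) + tlv(0x04, b"") + tlv(0x04, error_message)
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x78, result))


def probe_starttls(host="localhost", port=389, timeout=5.0, cafile=None) -> dict:
    """Run the three checks in order and stop at the first one that fails."""
    report = {"tcp": False, "starttls_result": None, "tls": False, "detail": ""}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        report["detail"] = f"TCP connect failed: {exc}"   # closed, filtered or wrong host
        return report
    report["tcp"] = True
    with sock:
        sock.sendall(build_starttls_request())
        data = sock.recv(4096)                      # one small PDU; fine for a probe
        if not data:
            report["detail"] = "server closed the connection after the StartTLS request"
            return report
        res = parse_ldap_result(data)
        report["starttls_result"] = res["result_code"]
        if res["result_code"] != 0:                 # 0 = success (RFC 4511)
            report["detail"] = f"StartTLS refused: code {res['result_code']} {res['error_message']}"
            return report
        ctx = ssl.create_default_context(cafile=cafile)   # verifies chain and hostname
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                report["tls"] = True
                report["detail"] = f"TLS ok: {tls.version()}, subject={tls.getpeercert().get('subject')}"
        except ssl.SSLError as exc:
            report["detail"] = f"TLS handshake failed: {exc}"
    return report


if __name__ == "__main__":
    print(probe_starttls())
```

Run it with the same host, port and CA file that `rlm_ldap` is configured with; a `tcp: False` result means the port question comes first, a non-zero `starttls_result` means the directory is not offering StartTLS on that port, and a handshake failure with `tcp: True` points at the certificate chain or hostname rather than at FreeRADIUS itself.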
