Active Directory authenticated VPN

L.P.H. van Belle belle at
Thu May 6 10:37:07 CEST 2021

> -----Original message-----
> From: Freeradius-Users 
> And ldapsearch works now:
> ldapsearch -h -D
> "cn=Administrator,cn=Users,dc=ad,dc=ourdomain,dc=hu" -W -b
> "dc=ad,dc=ourdomain,dc=hu" -s sub -x -ZZ -LLL "(cn=Administrator)"
> So, in ldap.conf I commented the sasl parameters, and enabled start_tls. I
> still need in the ldap module:
> identity = 'cn=Administrator,cn=Users,dc=ad,dc=ourdomain,dc=hu'
> password = '...'
> freeradius starts, but when I try
> radtest -x -t mschap vpn at "..." localhost 0 pwd
> in the freeradius debug output I see:
> Error: rlm_ldap (ldap): Bind with
> cn=Administrator,cn=Users,dc=ad,dc=ourdomain,dc=hu to 
> ldap://localhost:389
> failed: Strong(er) authentication required
> Error: rlm_ldap (ldap): Server said: BindSimple: Transport encryption
> required.. 

I bet you forgot.. 
(in smb.conf)  ntlm auth = mschapv2-and-ntlmv2-only 
Needed in AD-DC's and the member running radius. 


