Active Directory authenticated VPN
L.P.H. van Belle
belle at bazuin.nl
Thu May 6 10:37:07 CEST 2021
...
> -----Original message-----
> From: Freeradius-Users
> And ldapsearch works now:
> ldapsearch -h 127.0.0.1 -D
> "cn=Administrator,cn=Users,dc=ad,dc=ourdomain,dc=hu" -W -b
> "dc=ad,dc=ourdomain,dc=hu" -s sub -x -ZZ -LLL "(cn=Administrator)"
> So, in ldap.conf I commented the sasl parameters, and enabled
> start_tls. I
> still need in the ldap module:
> identity = 'cn=Administrator,cn=Users,dc=ad,dc=ourdomain,dc=hu'
> password = '...'
> freeradius starts, but when I try
> radtest -x -t mschap vpn@ad.ourdomain.hu "..." localhost 0 pwd
> in the freeradius debug output I see:
> Error: rlm_ldap (ldap): Bind with
> cn=Administrator,cn=Users,dc=ad,dc=ourdomain,dc=hu to
> ldap://localhost:389
> failed: Strong(er) authentication required
> Error: rlm_ldap (ldap): Server said: BindSimple: Transport encryption
> required..
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
I bet you forgot..
(in smb.conf) ntlm auth = mschapv2-and-ntlmv2-only
Needed in AD-DC's and the member running radius.
Greetz,
Louis
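
An added example, not part of the original message or of the Samba wiki: a small Python check that reads an smb.conf and reports whether `ntlm auth` in `[global]` has the value advised above. The sample configs are constructed, and falling back to `ntlmv2-only` when the parameter is absent is an assumption about the Samba default.

```python
import re

REQUIRED = "mschapv2-and-ntlmv2-only"
ALIASES = {"yes": "ntlmv1-permitted", "no": "ntlmv2-only"}  # boolean spellings
DEFAULT = "ntlmv2-only"  # assumption: Samba's value when the parameter is unset

# Constructed sample configs (not taken from the thread).
SAMPLE_DC = """[global]
    realm = AD.OURDOMAIN.HU
    ; ntlm auth = yes
    NTLM  Auth = mschapv2-and-ntlmv2-only
"""
SAMPLE_MEMBER = """[global]
    security = ads
    # ntlm auth = mschapv2-and-ntlmv2-only
"""


def global_params(text):
    """Return {normalised parameter name: value} for the [global] section."""
    params, section = {}, None
    text = re.sub(r"\\\r?\n", "", text)  # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf parameter names ignore case and embedded whitespace
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params


def audit_ntlm_auth(text):
    """Return (status, effective value) for the 'ntlm auth' parameter."""
    value = global_params(text).get("ntlmauth", DEFAULT).lower()
    value = ALIASES.get(value, value)
    if value == REQUIRED:
        return "ok", value
    if value == "ntlmv1-permitted":
        return "too-permissive", value  # NTLMv1 accepted from any client
    return "blocked", value  # MS-CHAPv2 responses will be refused


if __name__ == "__main__":
    for host, conf in (("dc", SAMPLE_DC), ("member", SAMPLE_MEMBER)):
        print(host, *audit_ntlm_auth(conf))
```

Run it against the smb.conf of each AD DC and of the member running radius, since the reply says the setting is needed on both.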