Active Directory authenticated VPN

Pisch Tamás pischta at gmail.com
Thu May 6 11:43:23 CEST 2021


L.P.H. van Belle via Freeradius-Users <freeradius-users at lists.freeradius.org>
wrote (on Thu, May 6, 2021, 10:37):

>
> ...
> > -----Original message-----
> > From: Freeradius-Users
> > And ldapsearch works now:
> > ldapsearch -h 127.0.0.1 -D
> > "cn=Administrator,cn=Users,dc=ad,dc=ourdomain,dc=hu" -W -b
> > "dc=ad,dc=ourdomain,dc=hu" -s sub -x -ZZ -LLL "(cn=Administrator)"
> > So, in ldap.conf I commented the sasl parameters, and enabled
> > start_tls. I
> > still need in the ldap module:
> > identity = 'cn=Administrator,cn=Users,dc=ad,dc=ourdomain,dc=hu'
> > password = '...'
> > freeradius starts, but when I try
> > radtest -x -t mschap vpn@ad.ourdomain.hu "..." localhost 0 pwd
> > in the freeradius debug output I see:
> > Error: rlm_ldap (ldap): Bind with
> > cn=Administrator,cn=Users,dc=ad,dc=ourdomain,dc=hu to
> > ldap://localhost:389
> > failed: Strong(er) authentication required
> > Error: rlm_ldap (ldap): Server said: BindSimple: Transport encryption
> > required..
>
>
> https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory
>
> I bet you forgot..
> (in smb.conf)  ntlm auth = mschapv2-and-ntlmv2-only
> Needed in AD-DC's and the member running radius.
>
No, I've already set it.

Thanks,

Tamás.

