error start freeradius -x

Flavio Bono flavio at
Thu Nov 18 20:37:24 CET 2021

Sorry I'm confused,
maybe I have not explained well, my intent is to configure the freeradius
so that it verifies username and password in the active directories of
windows server 2019 through the ldap service.

I configured the ldap file and I symlinked the mod_enable directory, I
followed some sites and posts to check my error but I always get the same
"wrong credentials" result

The freeradius at the start keeps saying that the credentials are wrong,
but as you can see I have checked them with ldapsearch and they work.

I followed what is reported in the ldap file to insert the pameters, but I
think I should see an example to understand where I am wrong.

Can I find configuration examples to verify my error?

I believe that many IT have connected freeradius to the AD of windows 2019,
and will certainly have changed a few parameters to do so but I cannot find
a guide that explains it in detail.

Can you recommend a guide?


Il giorno gio 18 nov 2021 alle ore 19:01 Alan DeKok <
aland at> ha scritto:

> On Nov 18, 2021, at 12:39 PM, Flavio Bono <flavio at> wrote:
> > I state that I am a beginner and I followed some guidelines to install
> the
> > freeradius, I wanted to connect wifi via radius to the active
> directories,
> > but when I configured ldap I always find this error
> >
> >
> > rlm_ldap (ldap): Opening additional connection (0), 1 of 32 pending slots
> > used
> > rlm_ldap (ldap): Connecting to ldap//xxx.xxxxx.local:389
> > rlm_ldap (ldap): Waiting for bind result...
> > rlm_ldap (ldap): Bind credentials incorrect: Invalid credentials
> > rlm_ldap (ldap): Server said: 80090308: LdapErr: DSID-0C090439, comment:
> > AcceptSecurityContext error, data 52e, v4563.
> > rlm_ldap (ldap): Opening connection failed (0)
>   Read mods-available/ldap.  It has instructions for converting the LDAP
> module configuration to the arguments use by ldapsearch.
> > whit
> >
> > ldapsearch -H ldap:// -x -D
> > 'cn=xxxxx,cn=users,dc=xxxxxxx,dc=local' -w P12344555551 -b
> > "DC=bxxxxxxxx,DC=local" -a always "(objectClass=User)" cn
> >
> > it works perfectly
> >
> > I don't know what to feel anymore, I find nothing to help me overcome the
> > rock,
> > the ad server is a windows server 2019.
>   What you've configured in mods-available/ldap is different from what
> you're passing to ldapsearch.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list