How "bind as user" mode works?

Alan DeKok aland at deployingradius.com
Thu Aug 17 15:35:41 UTC 2023 

On Aug 17, 2023, at 11:22 AM, Rodrigo Abrantes Antunes <rodrigoantunes at pelotas.ifsul.edu.br> wrote:
> You have to know that there are some people that aren't an expert like you, you probably have years of expertise in freeradius, I started to learn it this month.

  You don't have to be an expert to read the documentation.  You don't have to be an expert to clearly describe what you did.

> I've thought the full debug output wouldn't be needed in this case, thats why I didn't post in the first message. You could have asked for it in your first message and I would happily provide and all of this would be avoided.

  Or, you could have read the documentation as you were told to do when you joined the list.

  When you join the list, you get an email saying POST THE FULL DEBUG OUTPUT OR PEOPLE WILL BE MAD AT YOU.

  All of the "getting started" guides, including the "man" page say to look at the debug output and when asking questions on the list, post the full debug output.

  Go read it:  http://wiki.freeradius.org/list-help

> The documentation I am reading says nothing about post all the debug output in the list: https://wiki.freeradius.org/guide/freeradius-active-directory-integration-howto

  Yes, because we don't update every single page to explain how to run the debug output.  Instead, the documentation says for ANY problem, RUN IT IN DEBUG MODE AND READ THE OUTPUT.

> Your guess was wrong because you totally ignored what I said earlier, I said that I was not doing MSCHAP.

  Given you were confused and vague about much else of what you did, I didn't take that part seriously.

> I configured the LDAP "bind as user" functionality exactly like in the guide I sent you earlier,  there is said nothing about inner tunnel.

  Which is why we suggest reading the debug output, and thinking about it.

  If you see the password in the inner-tunnel, should you configure "bind as user" in the inner-tunnel?

  Again, it's OK to not be an expert.  It's not OK to give vague descriptions "I did stuff and it didn't work".  It's not OK to ignore the documentation you get sent when you join the list.

  Alan DeKok.

More information about the Freeradius-Users mailing list