Problems to authenticate against an Azure AD -Ldap

Alan DeKok aland at
Fri Sep 22 23:59:45 UTC 2023

On Sep 22, 2023, at 9:56 AM, Uwe Faber <uf at> wrote:st/users.html
> Hi alan,
> i changed the code in the inner tunnel as described in the Link you gave the result is :
> /etc/freeradius/3.0/sites-enabled/inner-khs[12]: Unknown or invalid value "ldap" for attribute Auth-Type
> /etc/freeradius/3.0/sites-enabled/inner-khs[11]: Failed to parse "update" subsection.
> /etc/freeradius/3.0/sites-enabled/inner-khs[2]: Errors parsing authorize section.

  You've had success in editing the configuration files to simplify it and use "ldap_khs" instead of just "ldap".

  What is less successful is expecting that the "Auth-Type LDAP" example will work when the "authenticate" section you post doesn't have the "ldap" configuration from the example.

  And, if you're going to use "ldap_khs" as the ldap module, you probably want to use that name instead of just bare "ldap".

  It takes care and effort to create a working configuration.  And paying attention to details.  Following half of the documentation is not likely to work.

  Alan DeKok.

More information about the Freeradius-Users mailing list