Users in SQL not accepted, AD works.

it at wehle.dev it at wehle.dev
Tue Jan 9 09:19:36 UTC 2024


Hi Alan,

thank you for your reply.

>  We don't need to see configuration files. It doesn't help.
Alright, I'll keep that in mind.

>  If you leave the server in debug output for long enough (~30s) and send it more packets, it will print out a link to the Wiki which tells you exactly what's going wrong.
> 
>  http://wiki.freeradius.org/guide/Certificate_Compatibility
Well, yes. That's my fault as I patched the changes into a production system (we do not yet have a testing environment) and if I let the server run for 30 more seconds, more clients will connect and flood the output.

Regarding the certificates: normal logins, i.e. those that use ntlm_auth, are possible - even with the same client, so I assumed them to be fine. I guess sql-based logins required EAP-TLS then? My intention was to use the system's Let's Encrypt-certificates which are used within the tls-eap-peap configuration and only use tls-eap-tls for certificate based logins at some point, and didn't assume that changing the source of the passwords to sql would change anything there.

Thanks
Sebastian


More information about the Freeradius-Users mailing list