Re: FreeRADIUS 3.0.x reconfiguration of from LDAP to Windows Server 2022 AD

chucho.valdez chucho.valdez at seznam.cz
Thu Sep 12 23:22:29 UTC 2024


Hello,

Let me clarify the issue I have.

FreeRADIUS is authenticating users with a Linux LDAP server.


I want to reconfigure FreeRADIUS to authenticate users with Windows AD.


The user authentication is working and I can get this result when querying the
Linux LDAP server (current configuration):

root at radius:/etc/freeradius/mods-enabled# radtest myuser at gyrec.cz mypassword localhost 10 testing123
Sent Access-Request Id 59 from 0.0.0.0:33188 to 127.0.0.1:1812 length 88
        User-Name = "myuser at gyrec.cz"
        User-Password = "mypassword"
        NAS-IP-Address = 192.168.81.12
        NAS-Port = 10
        Message-Authenticator = 0x00
        Cleartext-Password = "mypassword"
Received Access-Reject Id 59 from 127.0.0.1:1812 to 0.0.0.0:0 length 20
(0) -: Expected Access-Accept got Access-Reject



However, I am getting this error when I issue the command freeradius -X:

/etc/freeradius/sites-enabled/tls[7]: Threading must be enabled for TLS sockets to function properly
/etc/freeradius/sites-enabled/tls[7]: You probably need to do 'radiusd -fxx -l stdout' for debugging



I would like to fix all current configuration issues before I try to
reconfigure the authentication to the Windows AD server.

Thanks a lot for any advice on what is misconfigured and how to fix it.




Chucho Valdez




---------- Original e-mail ----------
From: Alan DeKok <aland at deployingradius.com>
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Date: 6. 9. 2024 0:48:49
Subject: Re: FreeRADIUS 3.0.x reconfiguration of from LDAP to Windows Server 2022 AD
"On Aug 29, 2024, at 5:46 PM, chucho.valdez <chucho.valdez at seznam.cz> wrote:

> However, I am stuck on the FreeRADIUS configuration.

There is documentation on what information should be posted to the list: 

http://wiki.freeradius.org/list-help 

> ... 
> Unable to chase referral "ldap://ForestDnsZones.mydomain.com/DC=ForestDnsZones,DC=gyrec,DC=cz" (-1: Can't contact LDAP server)
> Unable to chase referral "ldap://DomainDnsZones.mydomain.com/DC=DomainDnsZones,DC=gyrec,DC=cz" (-1: Can't contact LDAP server)
> Unable to chase referral "ldap://mydomain.com/CN=Configuration,DC=gyrec,DC=cz" (-1: Can't contact LDAP server)

That's pretty clear. 

You made FreeRADIUS use LDAP, and then the LDAP server (or one of the LDAP 
servers) is unresponsive. 

There are two paths forward: 

a) fix FreeRADIUS so that it doesn't use LDAP 

b) fix LDAP so it isn't broken. 

Alan DeKok. 

"
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: debugfile
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20240913/756a511e/attachment-0001.ksh>

