radiusd -X -A output: http://pastebin.ca/444131
radius.conf: http://pastebin.ca/444132

OK, I've sorted that pesky ntlm_auth error, but I have encountered a
new one (at least it's something new :D).

The specific part of the error is below.

rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to, authentication 0
rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow
rlm_ldap: bind as
cn=freeradius,ou=admins,ou=radius,dc=tfxschool,dc=com/frpass to
rlm_ldap: waiting for bind result ...
rlm_ldap: LDAP login failed: check identity, password settings in ldap
section of radiusd.conf
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns fail for request 1
modcall: leaving group authorize (returns fail) for request 1

It complains about my password in radius.conf. Here is the section in question:

ldap {
        # !! I assume that mydomain is replaced with desired domain.

        server =
        identity = cn=freeradius,ou=admins,ou=radius,dc=tfxschool,dc=com
        password = frpass
        #this is the basedn to do searches on a user
        basedn = ou=users,ou=radius,dc=tfxschool,dc=com
        #notice the username is the stripped user-name or user-name
        filter = (uid=%{Stripped-User-Name:-{User-Name}})
        start_tls = no
        tls_mode = no
        #this maps ldap attributetypes to radius attributes
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_cache_timeout = 120
        ldap_cache_size = 0
        ldap_connections_number = 10
        #password_header = {clear}

        #While integrating FreeRADIUS with Novell eDirectory, set
        #'password_attribute = nspmpassword' in order to use the universal 
        #of the eDirectory users for RADIUS authentication. This will work only 
        #FreeRADIUS is configured to build with --with-edir option.

        password_attribute = frpass

I have created the user freeradius on the win2k3 server, added him to
the groups admins and radius and set the password to frpass.

All insights and suggestions welcome.
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
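
An added example (not part of the original post and not FreeRADIUS code): a small Python check over an ldap section like the one quoted above, plus a helper that masks the bind password in debug output before it is shared publicly. The sample strings are constructed from lines in the post, and the three checks are heuristics assumed for this example.

```python
# Constructed sample, trimmed from the section and debug line quoted in the post.
SAMPLE_CONF = """\
ldap {
        server =
        identity = cn=freeradius,ou=admins,ou=radius,dc=tfxschool,dc=com
        password = frpass
        start_tls = no
        tls_mode = no
        #password_header = {clear}
        password_attribute = frpass
"""
SAMPLE_LOG = ("rlm_ldap: bind as\n"
              "cn=freeradius,ou=admins,ou=radius,dc=tfxschool,dc=com/frpass to\n")

def parse_section(text):
    """Return key -> value for 'key = value' lines, skipping comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")  # split on the first '=' only
        cfg[key.strip()] = value.strip()
    return cfg

def lint_ldap(cfg):
    """Heuristic checks (assumptions of this example, not module behaviour)."""
    findings = []
    secret = cfg.get("password", "")
    if not cfg.get("server"):
        findings.append("server is empty")
    if secret and cfg.get("password_attribute") == secret:
        findings.append("password_attribute holds the bind password, not an attribute name")
    if secret and all(cfg.get(k, "no") == "no" for k in ("start_tls", "tls_mode")):
        findings.append("no TLS option is enabled for the bind")
    return findings

def redact(log, cfg):
    """Mask the bind password wherever the debug output echoes it."""
    secret = cfg.get("password", "")
    return log.replace(secret, "[REDACTED]") if secret else log
```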
