Mike Richardson wrote:
>> 2) Configure a test LDAP with "radtest" (clear-text password)
>>    for a *different* user
>
> Doesn't work. Similar sort of error though.

Then fix that before proceeding with EAP.

>> Don't do 802.1x and LDAP until you have normal "radtest" working with
>> LDAP.
>
> AFAICT radtest doesn't do EAP so it didn't seem to be a particularly valid
> test.

To be blunt: it's rude to ask questions of experts, and then to tell them that their answers are invalid. If you know better, why are you asking questions on this list?

> The approach required appeared quite different but I'm open to
> suggestions. I've spent a long time trying to get RADIUS/LDAP auth to work
> in any format.

I've spent over 10 years working with RADIUS, and almost 9 years with FreeRADIUS. The "Active Directory with LDAP && TTLS" issue has come up more times than I can count. It has been *solved* more times than I can count, by FOLLOWING INSTRUCTIONS.

> Anyway, the output from a test with 'radtest' and LDAP:
...
> rlm_ldap: Over-riding set_auth_type, as we're not listed in the
> "authenticate" section.

You were told to go fix this. Do it. Now

> rad_recv: Access-Request packet from host 130.88.200.85:1025, id=61, length=48
> User-Name = "raduser2"
> User-Password = "raduser20"
...
> rlm_ldap: looking for check items in directory...

Nothing. This isn't surprising for Active Directory.

> auth: No authenticate method (Auth-Type) configuration found for the request:
> Rejecting the user

If you have configured "ldap" in the "authenticate" section, then this would work. The LDAP "bind as user" works with AD for PAP requests.

Hint: look in the configuration files for instances of the word "ldap". Read the comments. Un-comment the sample configurations. It's *not* hard.

1) install FreeRADIUS
2) configure LDAP (*all* references in radiusd.conf && sites-available/default)
3) validate that radtest works.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
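
The change the reply asks for, shown as an added example that is not part of the original message or of the FreeRADIUS distribution. It assumes the FreeRADIUS 2.x layout (`sites-available/default`) and the stock module instance name `ldap`; other modules are omitted and the radtest arguments are placeholders.

```conf
# sites-available/default (added illustration, FreeRADIUS 2.x layout assumed)

authorize {
	preprocess
	# ... other modules omitted ...

	# rlm_ldap looks the user up here. If "ldap" is listed here but not
	# in "authenticate" below, the debug output shows:
	#   rlm_ldap: Over-riding set_auth_type, as we're not listed in the
	#   "authenticate" section.
	ldap
}

authenticate {
	# ... other Auth-Type blocks omitted ...

	# Without this block the request ends with:
	#   auth: No authenticate method (Auth-Type) configuration found
	#   for the request: Rejecting the user
	# "ldap" here means bind-as-user with the clear-text User-Password,
	# so it covers PAP requests such as the ones radtest sends.
	Auth-Type LDAP {
		ldap
	}
}

# Validate with a clear-text request before moving on to EAP
# (values in <> are placeholders):
#   radtest <user> <password> <server> <nas-port> <shared-secret>
```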

