>I've been successfully using FreeRADIUS 1.1.4 to authenticate users
>against Active Directory using LDAP and a plaintext password.
>
>In the authorize section FreeRADIUS anonymously binds to our LDAP server
>(Active Directory) and searches for the user identified in the
>Access-Request (in my case we change the default search filter to
>'sAMAccountName' as our AD doesn't contain 'uid'). If a match is found I
>think the user's full Distinguished Name (e.g.
>CN=bill,DC=foo,DC=ac,DC=uk) is added to the list of check items, and
>Auth-Type is set to 'ldap'. In the authenticate section, FreeRADIUS
>binds to the LDAP server using the user's full DN and the password
>supplied in the Access-Request. If the bind is successful, the user is
>authenticated because the password must have been correct.
>
>I've recently updated a server to FreeRADIUS 2.1.3 and all
>authentications now fail. LDAP is not set as the authentication method
>during the authorize section. I don't know why as I can't see any
>configuration options which I've set differently between the two
>versions. I still get the debug message "Info: [ldap] user <username>
>authorized to use remote access" in the authorize section, so this
>suggests that the anonymous bind and search work OK.
>
>Does anyone have any ideas? Have I made a stupid configuration error,
>or did I miss something in the latest documentation?
>
Uncomment set_auth_type = yes in raddb/modules/ldap.

Ivan Kalik
Kalik Informatika ISP
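
The search-then-bind flow described in the quoted message, as an added example that is not part of the original thread and is not FreeRADIUS code. It runs against a constructed in-memory directory (`FakeDirectory`, `search_then_bind`, `escape_filter_value` and the sample passwords are hypothetical) and shows two checks the flow relies on: escaping the user name placed in the search filter (RFC 4515), and refusing an empty password, because a simple bind with a DN and an empty password is an "unauthenticated bind" (RFC 4513, section 5.1.2) that some servers accept.

```python
# Added example: search-then-bind against a constructed in-memory directory.
# FakeDirectory, its entries and search_then_bind() are hypothetical names.

FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)

class FakeDirectory:
    """Constructed stand-in for an LDAP server; not a real client library."""
    def __init__(self, entries):
        self.entries = entries  # DN -> {"sAMAccountName": ..., "password": ...}

    def search(self, filter_str):
        # Supports only the "(sAMAccountName=<value>)" form used below.
        # A bare "*" is a presence match; "\2a" is a literal asterisk.
        value = filter_str[len("(sAMAccountName="):-1]
        if value == "*":
            return list(self.entries)
        return [dn for dn, e in self.entries.items()
                if escape_filter_value(e["sAMAccountName"]).lower() == value.lower()]

    def simple_bind(self, dn, password):
        # Models a server that accepts an unauthenticated bind:
        # a DN presented with an empty password "succeeds".
        if password == "":
            return True
        return dn in self.entries and self.entries[dn]["password"] == password

def search_then_bind(directory, username, password):
    """Authorize step: find the user's DN. Authenticate step: bind as that DN."""
    if not password:
        return False  # never let an empty password reach the bind
    matches = directory.search("(sAMAccountName=%s)" % escape_filter_value(username))
    if len(matches) != 1:
        return False  # unknown user, or an ambiguous match
    return directory.simple_bind(matches[0], password)

# Constructed sample data, reusing the DN form from the quoted message.
DIRECTORY = FakeDirectory({
    "CN=bill,DC=foo,DC=ac,DC=uk": {"sAMAccountName": "bill", "password": "s3cret"},
    "CN=ann,DC=foo,DC=ac,DC=uk": {"sAMAccountName": "ann", "password": "pa55"},
})
```

Without the empty-password check, the statement "the bind succeeded, so the password was correct" does not hold against a server that behaves like `FakeDirectory.simple_bind`.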