freeradius failed to authenticate the users against windos active directory

Edward Xie Edward.Xie at guest-tek.com
Wed Feb 26 00:12:31 CET 2014 

Hi there,
I had the issue when I tried to configure my freeradius server integrate windows 2008 R2 Active directory authentication.  It worked before when it connected to a Windows AD 2003. However after I switched the AD server to a new AD server which is in another Windows domain (windows 2008 R2) , it's broken.  Looks like the radius server doesn't forward the request to the AD server even it has no Mysql  database or local user database. The request was rejected then. All the AD integration configuration files are in place and I don't find any mistakes.  The only change I made is  upgrading the samba version from 2.x to 3.5.4 because the old version can't build up pipe to windows 2008 R2 domain controller.


1.       The radius server has already joined the windows 2008 R2 domain.  I can look up the AD information without problem.

a.       Samba version:

[root at GTK_RADIUS /]#smbd -V

Version 3.5.4-0.83.el5

b.      authenticate a user from the domain

[root at GTK_RADIUS /]#wbinfo -a exie%123456

plaintext password authentication failed

Could not authenticate user exie%123456 with plaintext password

challenge/response password authentication succeeded

c.       authenticate with NTLM
                                 [root at GTK_RADIUS /]#ntlm_auth .-request-nt-key --domain=NE --username=exie
                                  password:
                                  NT_STATUS_OK: Success (0x0)


2.       The Log of Radius authentication is attached.




Could you kindly to help me figure out why the freeradius server can't work with windows AD? Thanks so much in advance.


Edward Xie

The contents of this email are confidential and intended for the recipient only. If you have received this email in error, please notify us, and destroy all copies.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140225/6c62ee05/attachment-0001.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius-X-log.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140225/6c62ee05/attachment-0001.txt>

More information about the Freeradius-Users mailing list