FreeRadius, Eduroam, and me...

Alan DeKok aland at
Sun Jun 21 15:59:24 CEST 2020

On Jun 20, 2020, at 4:16 PM, Tim Young <Tim.Young at> wrote:
> This is the debug from my setup where we are trying to authenticate from an external eduroam server, through a free-radius server, and to a local MS Domain controller.

  No, it's not.

  Read the debug output.  The client isn't sending EAP.  Eduroam works with EAP, not with packets containing User-Password.

> If we use radtest with mschap, it works fine.  But we seem to have something wrong with our eap...

  Then post a debug message where it uses EAP.

  But to be honest, if the configuration is broken and you're unfamiliar with FreeRADIUS, don't bother trying to debug it.

  Throw away the entire configuration, and start with the default configuration.  It works.

  Then, follow my guides at

  They tell you how to do EAP, and how to connect FreeRADIUS to talk to Active Directory.  You can look at your existing configuration to get IP addresses, domain names, certificates, etc.

  The guide also tells you what testing tools to use, and how those tools work.  And what to do if the tests fail.

  Follow the guide step by step.  It *will* work.

  Right now, you're trying to debug things you know nothing about, using tools you're unfamiliar with.  Even if it works, this process will be tedious and frustrating.

  Or, you can start with a known working configuration, and follow a step-by-step guide to get it to work.  It should take you less than a day to get things back up and running.

  The short summary is that someone butchered your local configuration for reasons unknown.  Instead of trying to fix a garbage configuration, just create a new one that works.

  Alan DeKok.

More information about the Freeradius-Users mailing list