http://confluence.diamond.ac.uk/display/PAAUTH/Using+LDAP+as+authentication+... <http://confluence.diamond.ac.uk/display/PAAUTH/Using+LDAP+as+authentication+source> wiki links to this article) states that eap.conf (/freeradius/eap.conf in my case) that nothing has to be changed in eap.conf if you use Microsoft
And you shouldn't have to either. When you read such pages, consider that those pages were written for *that specific company*, *NOT* as a general reference for others. The page in question specifically says that it is for the 'bind-as-user' case in FreeRADIUS 3.0 (in which the LDAP module connects as the given user with the given password and considers that a successful authentication), but that this is limited to using EAP-TTLS with PAP. If you are not using FreeRADIUS 3.0, then chances are that you would get the failures you described. The page also comes with a big fat warning that says that changes in the LDAP module may render the advice inaccurate. I should know... I wrote that page in 2014 when I had to consider using bind-as-user as a method of authentication. Stefan Paetow Moonshot Industry & Research Liaison Coordinator t: +44 (0)1235 822 125 gpg: 0x3FCE5142 xmpp: stefanp@jabber.dev.ja.net skype: stefan.paetow.janet jisc.ac.uk Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.