I'm trying to set freeradius authentication against a *Samba Active Directory Domain Controller v4.3.0* (*sernet-samba-ad*) server. The parameters in my ldap module file look like this: server = "192.168.1.8" identity = "cn=root,cn=Users,dc=eleka,dc=co,dc=cu" password = password basedn = "dc=eleka,dc=co,dc=cu" filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})" When I run *radtest root password 127.0.0.1 0 testing123* in debug mode (freeradius -X) I get a successful bind (*[ldap] Bind was successful*) but after that, this error is shown: WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly? I found here http://lists.freeradius.org/pipermail/freeradius-users/2015-December/081338.... that it might be a problem related to Samba4 which looks like doesn't has a userPassword attribute and the freeradius LDAP module can map *userPassword* attribute defined in *ldap.attrmap* I also executed this query using ldapsearch (*without any issue* so identity works): ldapsearch -LLL -b "dc=eleka,dc=co,dc=cu" -h 192.168.206.8 -D "cn=root,cn=Users,dc=eleka,dc=co,dc=cu" -w password userPassword=* # refldap://eleka.co.cu/CN=Configuration,DC=eleka,DC=co,DC=cu # refldap://eleka.co.cu/DC=DomainDnsZones,DC=eleka,DC=co,DC=cu # refldap://eleka.co.cu/DC=ForestDnsZones,DC=eleka,DC=co,DC=cu