My environment is FreeRadius: 1.0.5 on RedHat Funk Odyssey supplicant. (Tried with XP supplicant also) Authenticator: HP procurve switch EAP: EAP-MD5 Directory: Active directory as LDAP server I am getting the following error while authenticating users in Active directory. Any help is appreciated. I went through ldap_how_to.txt and changed my radiusd.conf to tailor for active directory but it is still failing. My configuration sections are lldap { server = "10.11.12.137" identity = "cn=Administrator,cn=users,dc=parkhi,dc=net" password = mypassword basedn = "cn=users,dc=parkhi,dc=net" filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})" # base_filter = "(objectclass=radiusprofile)" # set this to 'yes' to use TLS encrypted connections # to the LDAP database by using the StartTLS extended # operation. # The StartTLS operation is supposed to be used with normal # ldap connections instead of using ldaps (port 689) connections start_tls = no # tls_cacertfile = /path/to/cacert.pem # tls_cacertdir = /path/to/ca/dir/ # tls_certfile = /path/to/radius.crt # tls_keyfile = /path/to/radius.key # tls_randfile = /path/to/rnd # tls_require_cert = "demand" # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA" # profile_attribute = "radiusProfileDn" #access_attr = "dialupAccess" # Mapping of RADIUS dictionary attributes to LDAP # directory attributes. dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_connections_number = 10 # # NOTICE: The password_header directive is NOT case insensitive # # password_header = "{clear}" # # The server can usually figure this out on its own, and pull # the correct User-Password or NT-Password from the database. # # Note that NT-Passwords MUST be stored as a 32-digit hex # string, and MUST start off with "0x", such as: # # 0x000102030405060708090a0b0c0d0e0f # # Without the leading "0x", NT-Passwords will not work. # This goes for NT-Passwords stored in SQL, too. # password_attribute = User-Password # groupname_attribute = cn # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" # groupmembership_attribute = radiusGroupName timeout = 4 timelimit = 3 net_timeout = 1 compare_check_items = no # do_xlat = yes # access_attr_used_for_allow = yes } authorize { preprocess suffix files ldap } authenticate { Auth-Type LDAP { ldap } } the console output of radiusd -X Cleaning up request 4 ID 229 with timestamp 438d0d46 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.11.12.107:1024, id=230, length=214 Framed-MTU = 1480 NAS-IP-Address = 10.11.12.107 NAS-Identifier = "HP ProCurve Switch 2824" User-Name = "test" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 24 NAS-Port-Type = Ethernet NAS-Port-Id = "24" Called-Station-Id = "00-0f-20-8d-04-c8" Calling-Station-Id = "00-c0-9f-0d-4a-1f" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1010" EAP-Message = 0x020100090174657374 Message-Authenticator = 0xaf12ec64c245045bbf5a5cc4985025de Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 users: Matched test at 66 modcall[authorize]: module "files" returns ok for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for test radius_xlat: '(sAMAccountName=test)' radius_xlat: 'cn=users,dc=parkhi,dc=net' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=users,dc=parkhi,dc=net, with filter (sAMAccou)rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user test authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 5 rad_check_password: Found Auth-Type LDAP auth: type "LDAP" Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 5 rlm_ldap: - authenticate rlm_ldap: Attribute "User-Password" is required for authentication. modcall[authenticate]: module "ldap" returns invalid for request 5 modcall: group Auth-Type returns invalid for request 5 auth: Failed to validate the user. Delaying request 5 for 1 seconds Finished request 5