Hi, I have installed FreeRadius server 2.1.12, installed and configured Kerberos, Samba; configured ntlm_auth program for FreeRadius Authentication with Active Directory. Everything is successful and running smoothly till this stage. Now, I am in the phase of configuration of Authorization in FreeRadius. For Authorization process I want to use LDAP database which is already up and running in another server (not in the server where FreeRadius is installed). The authorization should be granted in such a way that some users should be allowed/restricted VPN, some should be allowed/restricted wifi, etc....... I am not sure whether this is the best way to do Authorization using LDAP or not because it is first time I am trying this in FreeRadius. After changing the configuration as mentioned below and running FreeRadius in debug mode, I get successful "Ready to process requests" but while supplying user credentials I get rad_recv: *Access-Reject *packet from host 127.0.0.1 port 1812, id=60, length=20. What I have done so far is: I uncommented the "LDAP" in authorize section of both files /usr/local/etc/raddb/sites-enabled/default and /usr/local/etc/raddb/sites-enabled/inner-tunnel. I have changed the configuration in /usr/local/etc/raddb/modules/ldap accordingly as: (Some parts are left blank for privacy) ldap { server = "*My ldap server name*" identity = "cn= ,dc= ,dc= " password = basedn = "dc= ,dc= " filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" ldap_connections_number = 5 timeout = 4 timelimit = 3 net_timeout = 1 tls { start_tls = no } dictionary_mapping = ${raddbdir}/ldap.attrmap edir_account_policy_check = no } In /usr/local/etc/raddb/users file: DEFAULT Auth-Type = ntlm_auth bob Cleartext-Password := "hello" I havn't done any change in Authenticate section of both /usr/local/etc/raddb/sites-enabled/default and /usr/local/etc/raddb/sites-enabled/inner-tunnel files related to LDAP. I have listed authenticate section of ntlm_auth by following deployingradius.com. But while following *"rlm_ldap"* doc I have seen that it is mentioned: LDAP and Active Directory ------------------------- *You can only use PAP, and then only if you list "ldap" in the "authenticate" section.* Does this mean I need to list ldap in authenticate section also. If I list it, what about ntlm_auth that is already enabled for authentication. I am confused with this. Should I need to install openldap & openssl also in the machine where freeradius is installed to make LDAP authorisation work properly? Please suggest me whether the configuration & process I am following related to LDAP is the good way to do or not. If not what is the best way to achieve it. Any documentation/site/thread suggestion regarding this would be greately appreciated. Thanks, -- View this message in context: http://freeradius.1045715.n5.nabble.com/FreeRadius-Active-Directory-LDAP-Aut... Sent from the FreeRadius - User mailing list archive at Nabble.com.