Authenticating Active Directory users via LDAP

Pete Flynt peteflynt at
Tue May 31 14:34:29 CEST 2005


My network environment looks like the following:
WinXP client --- Cisco Switch --- FreeRadius Server --- DC(Active Directory)

I am able to authenticate the WinXP client with the local users file and 
Now I want FreeRadius to lookup the user credentials in Active Directory.

I configured the LDAP modules and I am able to access Active directory for 
username lookup but the authentication fails because of the password that 
cannot be supplied in cleartext.

The problem is, that I must use EAP because of 802.1X between the switch and 
the WinXP client.

How can I solve this issue?
I have read somewhere about how to modify FreeRadius source code in order to 
get EAP working with AD.
I would appreciate a simpler solution.

Any suggestion?

Here is some output of  radiusd:

rlm_ldap: - authorize
rlm_ldap: performing user authorization for pete
radius_xlat:  '(sAMAccountName=pete)'
radius_xlat:  'cn=Users, dc=testdc'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Users, dc=testdc, with filter 
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user pete authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 1
modcall: group authorize returns updated for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/md5
  rlm_eap: processing type md5
rlm_eap_md5: User-Password is required for EAP-MD5 authentication
rlm_eap: Handler failed in EAP/md5
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Login incorrect: [pete] (from client port 0 cli 
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request


Express yourself instantly with MSN Messenger! Download today it's FREE!

More information about the Freeradius-Users mailing list