FreeRADIUS and Active Directory

tnt at tnt at
Thu Feb 19 11:33:21 CET 2009

>I believe I did all I had to enable my freeradius server to chat to
>windows AD
>I did changes to my FreeRADIUS configuration according

I have news for you - you haven't done any of this:

> Module: Instantiating mschap
>  mschap {
>	use_mppe = yes
>	require_encryption = no
>	require_strong = no
*>	with_ntdomain_hack = no*
>  }

Also no ntlm_auth configured in mschap module (raddb/modules/mschap). So:

>[mschapv2] +- entering group MS-CHAP {...}
>[mschap]   NT Domain delimeter found, should we have enabled with_ntdomain_hack?

Server asks about the hack.

>[mschap] Told to do MS-CHAPv2 for AD\tomas with NT-Password
>[mschap] FAILED: MS-CHAP2-Response is incorrect
>++[mschap] returns reject

And it isn't using ntlm_auth.

You have an updated manual (relevant to freeradius 2.x) at:

Ivan Kalik
Kalik Informatika ISP
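
An mschap module that addresses both points raised in the reply above, as an added example that is not part of the original message or of the poster's configuration. The ntlm_auth path is an assumption (adjust to where Samba installed it), and the host is assumed to be joined to the domain with winbindd running.

```conf
# raddb/modules/mschap (FreeRADIUS 2.x)
mschap {
	# Unchanged from the debug output quoted above.
	use_mppe = yes
	require_encryption = no
	require_strong = no

	# Was "no" in the debug output. Windows sends User-Name as DOMAIN\user
	# (here AD\tomas) but computes the MS-CHAP response over the user part
	# only; "yes" makes the module do the same.
	with_ntdomain_hack = yes

	# Missing in the debug output, so the module fell back to comparing
	# against a local NT-Password. With this line the challenge and response
	# are handed to Samba's ntlm_auth helper, which checks them against AD.
	# /usr/bin/ntlm_auth is an assumed path.
	ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
```

The user running radiusd needs permission to talk to winbindd's privileged pipe for the helper call to succeed.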