FreeRADIUS and Active Directory

Tomas tomas.radius at
Thu Feb 19 15:28:30 CET 2009

On Thu, 2009-02-19 at 13:34 +0100, tnt at wrote:
> I am not sure what the problem is from your description. If it's
> complaining about the domain try using alternative  for username -
> %{mschap:User-Name}. That is documented above the ntlm_auth line in
> mschap module. Try and see if that helps.

Thanks for reply. 
My problem is that my windows box has no way of communicating with AD
server to verify user credentials for initial login screen (reason for
that is because switch port state is uncontrolled and no other but EAPOL
traffic can pass through) 
Is there any way setting my windows box so that user gets authenticated
against radius and then AD using single sign on without doing any hacks
to MS GINA or stuff like that?

More information about the Freeradius-Users mailing list