PEAP - AD Disabled

Danner, Mearl jmdanner at
Fri Jun 25 15:33:39 CEST 2010

Have you checked the certificate? That's one major difference. ntlm-auth is the auth after the cert conversation in PEAP is done.

Maybe a radiusd -X log to help us along?

From: at [ at] On Behalf Of Nathan McDavit-Van Fleet
Sent: Friday, June 25, 2010 8:22 AM
To: 'FreeRadius users mailing list'
Subject: PEAP - AD Disabled


I've had a working config with the following for the past month.

PEAP->Local Users File

After a month running everything perfectly, 3 days ago the "PEAP-AD" portion of the AAA failed. This is for wireless auth.

Strangely, I can still auth from the CLI using ntlm_auth and wbinfo. So it appears as if the Samba connection to the AD is fine. Nothing has changed config wise between then and now, and I haven't found any interesting log information. You just get a "Login incorrect" when you try to login via PEAP->AD. Everything else is verified as working.

Aside from Freeradius itself, what are the differences between using ntlm_auth via CLI and via Freeradius?

Nathan Van Fleet
Telecommunications Analyst
Network Assessment and Integration
IITS Concordia University
(514) 848-2424 Extension:5434

More information about the Freeradius-Users mailing list