FreeRadius + AD + Realms

Matthew P mayday64 at
Wed Jun 30 08:04:02 CEST 2010

Hello everyone!

I'm new to FreeRadius, so please bear with me. :)

Goal: Make FreeRadius look-up a user in ActiveDirectory if he has "" domain.
Used method: EAP/TTLS (PAP in the tunnel)

This is how I've done it, but it doesn't give the wanted results, so please explain a bit. :)
(it doesn't seem to load the local_ad virtual server configuration, which is I placed in the sites-enabled directory, it seems to just carry on executing the default server)

parts from proxy.conf:
proxy server {
    default_fallback = no

home_server localhost_ad {
    type = auth
    virtual_server = local_ad

home_server_pool active_directory {
    type = fail-over
    virtual_server = local_ad
    home_server = localhost_ad

realm {
    auth_pool = active_directory

And the output:
rad_recv: Access-Request packet from host port 1812, id=8,
    NAS-IP-Address =
    NAS-Port-Type = Async
    User-Name = "user at"
    Service-Type = Framed-User
    Framed-MTU = 1500
    Calling-Station-Id = "00-11-22-33-44-55"
    EAP-Message =
    Message-Authenticator = 0x10017179767a5ab6718168e8399c8993
+- entering group authorize
++[preprocess] returns ok
    rlm_realm: Looking up realm "" for User-Name = "user at"
    rlm_realm: Found realm ""
    rlm_realm: Adding Stripped-User-Name = "user"
    rlm_realm: Adding Realm = ""
    rlm_realm: Proxying request from user user to realm
    rlm_realm: Preparing to proxy authentication request to realm ""
++[suffix] returns updated
  rlm_eap: Request is supposed to be proxied to Realm Not doing EAP.
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
There was no response configured: rejecting request 0
  Found Post-Auth-Type Reject
+- entering group REJECT
    expand: %{User-Name} -> user at
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request

Thanks in advance!
Hotmail: Trusted email with powerful SPAM protection.

More information about the Freeradius-Users mailing list