PAP authentication to Active Directory

Axford M.F. M.F.Axford at
Wed Jul 13 19:04:10 CEST 2011


I'm currently setting up a radius server to authenticate EAP based requests against Active Directory.

Using Alan Dekok's guide I've got this authenticating mschap based EAP requests successfully.

I also want to authenticate ttls/pap requests and I've found two ways to do this that seem to work.

Method 1 is based on whats in

Method 2 is to use LDAP for pap authentications.

All things being equal my preference is to use Method 1 as it keeps all authentications the same, however the:
        if (!control:Auth-Type) {
                update control {
                        Auth-Type = ntlm_auth_pap
In the inner-tunnel/authorize section seems a bit like a hack. Is there a better way to do this ?

Is either method particularly better than the other ?


Mike Axford

Mike Axford
Enterprise Systems
University of Southampton
SO17 1BJ

Email:  M.F.Axford at
Phone:  023 8059 5337

More information about the Freeradius-Users mailing list