Trying to wrap my head around FreeRadius config

Moe, John jmoe at
Thu Jul 21 01:06:44 CEST 2011

> -----Original Message-----

>   So ask *specific* questions about what you expect, what's happening,
> and what you think is going wrong.

>   Ask small questions, instead of long ones.  It really makes a
> difference.

Well, ok, I'll start again, go as far as I can, and then ask questions about
what I'm seeing and what I don't understand.

>   Users don't log into switches.  Details matter.

They do if they need to configure the switch.  I meant admin users, not
general users, but it's still authenticating a user account using RADIUS.

>   In any case... just configure AD as an LDAP server.  Uncomment "ldap"
> in raddb/sites-enabled/default.  It *will* work.

Hang on, this works?  I thought I'd read online again and again that if
you're authenticating against Active Directory, you must use ntlm_auth,
because AD doesn't respond properly to the LDAP and KRB modules?  I'd
specifically tried to research this very question, and thought I'd come out
with the understanding ntlm_auth needed to be used?  Will LDAP work properly
against AD?

>   I have no idea why this is a problem.  Follow the guide on
>  It's detailed, and it works.

Which specific guide are you talking about?  Or are you talking about the
several individual guides I'd mentioned before?
>   Alan DeKok.

John H. Moe
Network Support - Hatch IT
Tel: +61 (7) 3166 7777
Direct: +61 (7) 3166 7684
Fax: +61 (7) 3368 3754
Mobile: +61 438 772 425
61 Petrie Terrace, Brisbane, Queensland Australia 4011

NOTICE - This message from Hatch is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential or proprietary. 
Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, arrive late or contain viruses. By communicating with us via e-mail, you accept such risks.  When addressed to our clients, any information, drawings, opinions or advice (collectively, "information") contained in this e-mail is subject to the terms and conditions expressed in the governing agreements.  Where no such agreement exists, the recipient shall neither rely upon nor disclose to others, such information without our written consent.  Unless otherwise agreed, we do not assume any liability with respect to the accuracy or completeness of the information set out in this e-mail.  If you have received this message in error, please notify us immediately by return e-mail and destroy and delete the message from your computer.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5549 bytes
Desc: not available
URL: <>

More information about the Freeradius-Users mailing list