Need help with Freeradius and 802.1X

Alan DeKok aland at
Wed Nov 2 15:53:13 CET 2011

johnboy68 wrote:
> I have ntlm_auth working.  I can auth my AD users with this command:
> radtest -t mschap aduser aspassword localhost 0 testing123
> And it works.


> My problem is when I configure one of my Cisco switches to do 802.1x and
> authenticate with Freeradius my Windows (Windows 7 and Vista) machines fail
> to get authorized with the Windows supplicant.  I am running Freeradius in
> debug mode and have tried to trace down where it is failing on my own but
> since I have no experience in this area I am just chasing my tail.  Is it a
> problem with PEAP, EAP, TLS?  Do I need a certificate?  I just don't know
> and if I did I wouldn't know how to configure it.  I have not been able to
> find any conclusive documentation in this area.

  The Wiki describes this.  See the "Certificate Compatibility" page.
See also my AD integration guide:  That
should be pointed to from the Wiki, too.

  That guide contains *detailed* instructions for what to do.  The only
time it hasn't worked for people is when they didn't follow its

> I could put the output here of what Freeradius outputs during a connection
> attempt but I since I am testing this in our production environment, I don't
> want to put that kind of information out in a public forum.

  Run it in debug mode and read the output.  What does it say?  What
warnings / errors does it produce?

  Alan DeKok.

More information about the Freeradius-Users mailing list