Free radius authentication with AD using ldap

Vikash Gounder Vikash.Gounder at
Tue Nov 29 00:29:33 CET 2011

So in this case what changes do I need to make in order for it to work.

Sorry am bit lost right now.

Thanks and appreciate it.

Sent from my iPhone

On 29/11/2011, at 10:22 AM, "Fajar A. Nugraha" <list at> wrote:

> On Tue, Nov 29, 2011 at 4:03 AM, Vikash Gounder
> <Vikash.Gounder at> wrote:
>> Hi Fajar,
>> Thanks so much for replying.
>> The debug log for local test against AD is attached:
>> Listening on authentication address * port 1812
>> Listening on accounting address * port 1813
>> Listening on command file /var/run/radiusd/radiusd.sock
>> Listening on proxy address * port 1814
>> Ready to process requests.
>> rad_recv: Access-Request packet from host port 35067, id=16, length=61
>>        User-Name = "uldaptest"
> See this line?
>>        User-Password = "usk.173n!"
>> [ldap] user DN: CN=Unilinc ldaptest,OU=System Accounts,OU=Generic Accounts,DC=acustaff,DC=acu,DC=edu,DC=au
>> rlm_ldap: (re)connect to, authentication 1
>> rlm_ldap: bind as CN=Unilinc ldaptest,OU=System Accounts,OU=Generic Accounts,DC=acustaff,DC=acu,DC=edu,DC=au/usk.173n! to
>> rlm_ldap: waiting for bind result ...
>> rlm_ldap: Bind was successful
>> [ldap] user uldaptest authenticated succesfully
> This is ldap bind. It'll work if the user password is available as
> plain text in the request (e.g. using PAP with radtest). It will not
> work if the user password is not available in the request (e.g.
>> I got a question for you?? If only using for WPA, do I also need to configure samba and use nltm_auth, since this radius device will be used by ipad, netbooks etc etc etc....
> Yes, since you set your AP to use WPA2/radius auth the clients will
> usually use EAP-PEAP-MSCHAPv2, where user password is not available as
> plain text in the request.
> -- 
> Fajar
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list