freeRadius against Active Directory

Martin.Heinzmann at Martin.Heinzmann at
Tue Oct 9 08:51:13 CEST 2012

I thought the whole meaning of binding a freeRadius to an Active Directory
is that I have from now on just to configure Users in the AD.
So every device I want to authenticate on asks the FR which then asks the
AD. So the AD will answer if the User is valid and which Service-Type he
On my AD Server I installed the Role NPS, configured a RADIUS-Client and
some Network Policies. Maybe I am on the right way, maybe not... :-(
The AD succesfully tells the FR if the user is valid, just that
Service-Type is missing.



>>    Now I am having the problem that the devices I want to authenticate
>>    requesting the Service-Type(Attribute 6). Do you have any idea how to
>>    the Service-Type in Active Directory for each user? Is that even
>>    or do I have to configure the users file for each user and his
>>    corresponding Service-Type?

>service-type will have come from the NAS - if you are running FR with
>dictionaries then you would see what type of service-type is coming in eg
>or authenticate-only.  if you want to use policies then you can define
those in
>eg users file, get them via LDAP (authorize), or in SQL etc.


Privileged and/or Confidential information may be contained in this
message. If you are not the addressee of this message, you may not
copy, use or deliver this message to anyone. In such event, you
should destroy the message and kindly notify the sender by reply
e-mail. It is understood that opinions or conclusions that do not
relate to the official business of the company are neither given
nor endorsed by the company.

Thank You.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <>

More information about the Freeradius-Users mailing list