freeRadius against Active Directory

Michael Schwartzkopff misch at
Tue Oct 9 09:36:23 CEST 2012

> Hi,
> I thought the whole meaning of binding a freeRadius to an Active Directory
> is that I have from now on just to configure Users in the AD.
> So every device I want to authenticate on asks the FR which then asks the
> AD. So the AD will answer if the User is valid and which Service-Type he
> has.
> On my AD Server I installed the Role NPS, configured a RADIUS-Client and
> some Network Policies. Maybe I am on the right way, maybe not... :-(
> The AD succesfully tells the FR if the user is valid, just that
> Service-Type is missing.
> Martin


as stated in the doc on deployingradius:
"In this configuration, we are using Active Directory as an authentication 
oracle, and not as an LDAP database."

So it seems that you will not get any attributes back from AD. If your NAS 
expects the Service-Type attribute you would have to add it on the fly from 
your FreeRADIUS configuration.


Dr. Michael Schwartzkopff
Guardinistr. 63
81375 München

Tel: (0163) 172 50 98
Fax: (089) 620 304 13
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the Freeradius-Users mailing list