Need both Local (MySQL database) and Active directory authentications.

ffgch2 ffgch2 at
Thu Apr 11 15:06:10 CEST 2013

Hi all,

I have set up FreeRADIUS (v.2.1.10) to do password authentication from a
MySQL database and it works fine, but now I need to make some users able
to authenticate against Active Directory accounts. I’ve set up winbind to
authenticate Windows accounts and it works, but as a result FreeRADIUS lost
the ability to authenticate by local database.

So if I comment the line:

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

in the /modules/mschap file then local database authentication works fine but
Active Directory doesn’t. With ntlm_auth uncommented, Active Directory works
but the local database doesn’t.

The WiFi access points query the RADIUS server using WPA-Enterprise, so
passwords are encrypted in EAP messages and there is no other way to
validate the passwords; it has to go through the mschap module anyway.
Is there a way to tell mschap to use ntlm_auth depending on a field in the MySQL
table and use the internal mechanisms if plain text passwords are available in
the MySQL table?