freeRadius 2.1.10 PEAP/MSCHAPv2 w/ Active Directory

Alan DeKok aland at
Thu Apr 11 20:05:49 CEST 2013

trevor_marquis at wrote:
> Hello all,
> I'm new to freeRadius and am using freeRadius version 2.1.10

  Upgrade to 2.2.0.  It has a number of issues fixed.

> for some
> lab testing.  I've got freeradius extracting users and passwords from an
> Active Directory database.  I'm using PEAP/MSCHAPv2.  All configs have
> been working until about a week or so ago.  All of a sudden, my mschapv2
> challenge/response is not correct.
> Not sure where exactly the problem is occurring so I've posted the debug
> output below.  If other config files are necessary, I can post them too.

  Well... the debug output seems pretty clear.

> *Exec-Program output: Access denied (0xc0000022)*
> *Exec-Program-Wait: plaintext: Access denied (0xc0000022)*
> *Login incorrect (mschap: External script says Access denied

  What is unclear about that?

  ntlm_auth is running, and AD is returning that error.  No amount of
poking FreeRADIUS will fix an AD access issue.

  Alan DeKok.

More information about the Freeradius-Users mailing list