FreeRADIUS & AD LAP Communication

stefan.paetow at stefan.paetow at
Wed Nov 20 18:36:37 CET 2013

> 3a) Following is the out-put with REJECT access, Perhaps because password storage in AD is not clear text, is it due to that? 
>     Perhaps it cannot be tested with redtest?  i am using the following to test, is it correct test 
> radtest mike aabb88@ localhost 1812 HYbbunINFDR$88

Correct. Active Directory does not store its passwords in plain-text. Active Directory only accepts NTLM/MSCHAPv2 authentication (or Kerberos, but that's a whole different kettle of fish).

Additionally, you are better off testing EAP-TTLS/EAP-MSCHAPv2 or EAP-PEAP with Active Directory since that is what the general use case is. For that, you need eapol_test, which is part of the wpa_supplicant package. 

See first, then and for details :-)


This e-mail and any attachments may contain confidential, copyright and or privileged material, and are for the use of the intended addressee only. If you are not the intended addressee or an authorised recipient of the addressee please notify us of receipt by returning the e-mail and do not use, copy, retain, distribute or disclose the information in or attached to the e-mail.
Any opinions expressed within this e-mail are those of the individual and not necessarily of Diamond Light Source Ltd. 
Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are free from viruses and we cannot accept liability for any damage which you may sustain as a result of software viruses which may be transmitted in or with the message.
Diamond Light Source Limited (company no. 4375679). Registered in England and Wales with its registered office at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom

More information about the Freeradius-Users mailing list