Freeradius authenticate against Active directory

trevor obba trevor_obba at
Fri Sep 13 01:23:47 CEST 2013

I am running FreeRADIUS 2.2.0. I have configured FreeRADIUS
to authenticate against Active Directory and also offer eduroam service.
When I authenticate with my username as “test” and my password on my
wireless devices, it works.

However, if I try to authenticate with my username as test at it does not work, because
FreeRADIUS passes test at on to Active
Directory without stripping out as shown below:

[mschapv2] # Executing group from file
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: test at
[mschap] Client is using MS-CHAPv2 for test at, we need NT-Password
expand: --username=%{mschap:User-Name:-None} -> --username=test at
[mschap] No NT-Domain was found in the User-Name.
expand: %{mschap:NT-Domain} -> 
... expanding second conditional
expand: --domain=%{%{mschap:NT-Domain}:-UNIVERSITY} -> --domain=UNIVERSITY
[mschap] Creating challenge hash with username: test at
expand: --challenge=%{mschap:Challenge:-00} -> --challenge=6d98addf3855kk34f22
expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=278994tg713ccd713g8876666k1196faaf038ef
Exec-Program output: Logon failure (0xc00004f)

How can I fix the problem of authenticating users that type
in their local realm with their username, as well as proxying eduroam?
Basically, how do I authenticate local users or strip the local
realm before passing to Active Directory for authentication?
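
The debug output above shows ntlm_auth being called with the realm still attached to the user name. The fragment below is an added example, not configuration from the original post: it shows one common way to let the realm module strip a locally handled realm and have the mschap module pass the stripped name to ntlm_auth. The realm name example.org and the ntlm_auth path are placeholders, and it assumes the stock suffix module is listed in the authorize section of the virtual servers in use.

```conf
# --- proxy.conf ----------------------------------------------------------
# Placeholder realm name: the real realm is elided in the post.
# A realm with no home server pool is handled locally instead of proxied.
# Stripping is the default (the "nostrip" keyword turns it off), so the
# suffix module sets Stripped-User-Name to "test" for test@example.org.
realm example.org {
}

# --- modules/mschap ------------------------------------------------------
# Before, as implied by the debug expansions in the post: the name handed
# to ntlm_auth is the MS-CHAP User-Name, realm included.
#   --username=%{mschap:User-Name:-None}
#
# After: prefer Stripped-User-Name and fall back to the MS-CHAP name.
# The MS-CHAPv2 challenge hash is still computed over the name exactly as
# the client sent it, so only the --username argument changes.
# /path/to/ntlm_auth is a placeholder; UNIVERSITY is the domain from the log.
# Only the ntlm_auth line is shown; other mschap settings stay as they are.
mschap {
	ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{mschap:User-Name}:-None}} --domain=%{%{mschap:NT-Domain}:-UNIVERSITY} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
}
```

To check the result, run the server in debug mode (-X) and confirm that the `expand: --username=` line shows the bare account name while requests for other realms are still proxied.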