Active Directory authentication question

Alan DeKok aland at
Wed Sep 18 16:25:19 CEST 2013

Roberto Carna wrote:
> Dear, I have several Windows 7 clients over WiFi autheticating throug
> EAP-TLS to a Freeradius 2.1 service against a local MySQL database, it
> works OK.

  EAP-TLS doesn't use MySQL for storing credentials.  Everything is in
the certificate.

> Now I have to change the authentication from MySQL to a remote Active
> Directory on a Windows 2012 server.

  FreeRADIUS is an authentication server.  MySQL is not.  It's a database.

  Using the correct terminology menas it's easier to come up with a
solution.  Using the wrong terminology means you're lost, and you can't
find a solution.

> Because I don't know so much about Windows world, I need to know if I
> have to use NTLM, LDAP or Kerberos in order to authenticate against
> the remote AD.

  For MS-CHAP and PEAP, you use ntlm.  You don't have any other choice.

  For EAP-TLS, you don't use AD or MySQL.

  Alan DeKok.

More information about the Freeradius-Users mailing list