freeRADIUS -> AD Auth (<100kb)

Herwin Weststrate herwin at
Wed Aug 13 18:13:42 CEST 2014

On 13-08-14 17:51, nfischer at wrote:
> Hi!
> Okay, I'm one step further.
> It now fails with:
> [pap] WARNING! No "known good" password found for the user. 
> Authentication may fail because of this.
> I'm not really sure what the problem is...

I see this part in the logs:

  [mschap] Told to do MS-CHAPv2 for hausmeister at oblan with NT-Password
  [mschap]        expand: %{User-Name} -> hausmeister at oblan
  [mschap]        expand: --username==%{%{User-Name}:-None}} ->
  --username==hausmeister at oblan}
  Exec-Program output: Password: NT_STATUS_NO_SUCH_USER: No such user

Active Directory can be a bit weird when trying to do authentication
with usernames where the domain is given via the postfix (@domain)
notation. Adding "--domain=%{mschap:NT-Domain}" to the params of
ntlm_auth may work (even if it gets expanded to an empty string).

Herwin Weststrate
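
Added example, not part of the original message: a small Python check over FreeRADIUS debug output in the format quoted above. It reports a user name with an @realm suffix that is handed to ntlm_auth with no --domain parameter. Going slightly beyond the reply, it also reports a user name value that still carries expansion characters (a leading `=` or an unmatched `}`), as the expanded argument in the quoted log does. The sample log, the user name and the function name are constructed for illustration.

```python
import re

# Constructed debug output in the format quoted above; user and realm are made up.
SAMPLE_DEBUG = """\
[mschap] Told to do MS-CHAPv2 for alice@example with NT-Password
[mschap]        expand: %{User-Name} -> alice@example
[mschap]        expand: --username==%{%{User-Name}:-None}} -> --username==alice@example}
Exec-Program output: Password: NT_STATUS_NO_SUCH_USER: No such user
"""

# One "expand: <template> -> --option=value" line per ntlm_auth argument.
EXPAND_RE = re.compile(
    r"\[mschap\]\s+expand:\s+--\S+\s+->\s+--(?P<opt>[\w-]+)=(?P<val>.*)$")
STATUS_RE = re.compile(r"Exec-Program output:.*?(NT_STATUS_\w+)")


def check_ntlm_auth_debug(text):
    """Return (nt_status, findings) for the mschap/ntlm_auth lines in `text`."""
    opts, status, findings = {}, None, []
    for line in text.splitlines():
        m = EXPAND_RE.search(line)
        if m:
            # Keep the value exactly as it would reach ntlm_auth.
            opts[m["opt"]] = m["val"].strip()
            continue
        m = STATUS_RE.search(line)
        if m:
            status = m[1]

    user = opts.get("username")
    if user is not None:
        # A second "=" or an unbalanced brace means the template in the
        # module configuration does not expand to a clean user name.
        if user.startswith("=") or user.count("{") != user.count("}"):
            findings.append("username value carries expansion residue: %r" % user)
        # The reply's point: user@realm with no --domain parameter at all.
        # An empty --domain= value is accepted here, as the reply allows.
        if "@" in user and "domain" not in opts:
            findings.append("realm-suffixed user name passed without --domain")
    return status, findings


if __name__ == "__main__":
    status, findings = check_ntlm_auth_debug(SAMPLE_DEBUG)
    print(status)
    for finding in findings:
        print(" -", finding)
```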
