Freeradius with Active Directory

Stefan Paetow Stefan.Paetow at
Mon Jun 16 14:19:44 CEST 2014

Well, the message is very clear. There is no domain in the username.

You can either try to enter 'DOMAIN\prashant' (where DOMAIN is the domain of your Active Directory) and let one of the modules deal with it, or you can modify the ntlm_auth command-line and specify it there.


From: at [ at] On Behalf Of Prashant A
Sent: 16 June 2014 13:06
To: freeradius-users at; dev1278977 at
Subject: Freeradius with Active Directory

Hi All,

I have followed the guide for integrating freeradius with active directory which is mentioned here,

So finally,

radtest -t mschap prashant Active at 123 localhost 0 testing123

Gives me following output

Sending Access-Request Id 40 from to
    User-Name = 'prashant'
    NAS-IP-Address =
    NAS-Port = 0
    Message-Authenticator = 0x00
    MS-CHAP-Challenge = 0x42b125cb7f6408b4
    MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000c82b9abb20333db96efcb1f93beb602b39ebbd007a8c0392
Received Access-Accept Id 40 from to length 84
    MS-CHAP-MPPE-Keys = 0x
    MS-MPPE-Encryption-Policy = Encryption-Allowed
    MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed

But when I try to login from webpage I am getting following response

(0) mschap : Client is using MS-CHAPv2
(0) mschap : Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-mycompany.local} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
(0) mschap : EXPAND --username=%{mschap:User-Name:-None}
(0) mschap :    --> --username=prashant
(0) ERROR: mschap : No NT-Domain was found in the User-Name
(0) mschap : EXPAND --domain=%{%{mschap:NT-Domain}:-mycompany.local}
(0) mschap :    --> --domain=mycompany.local
(0) mschap : Creating challenge hash with username: prashant
(0) mschap : EXPAND --challenge=%{mschap:Challenge:-00}
(0) mschap :    --> --challenge=e5d49180d36eb904
(0) mschap : EXPAND --nt-response=%{mschap:NT-Response:-00}
(0) mschap :    --> --nt-response=0000000e0000000000000000000000000000000000000000
(0) ERROR: mschap : Program returned code (1) and output 'Logon failure (0xc000006d)'
(0) mschap : External script failed.
(0) ERROR: mschap : External script says: Logon failure (0xc000006d)
(0) ERROR: mschap : MS-CHAP2-Response is incorrect
(0)   [mschap] = reject
(0)  } # Auth-Type MS-CHAP = reject

Can somebody help me to understand what exactly the issue. I am using FreeRADIUS Version 3.0.3 and Samba version 3.6.3.

Thanks & Regards,

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
not-for-profit company which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list