Help Please

Michael Ströder michael at
Mon Mar 30 23:40:48 CEST 2015

Adam Schappell wrote:
> # Executing section authorize from file
> /etc/raddb/sites-enabled/inner-tunnel
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop

What mech do you want to use in the inner channel (within EAP-TTLS)?

Since my OpenLDAP server only has hashed passwords I'm using PAP with 
Auth-Type LDAP inside EAP-TTLS. pap seems not to be configured in your 

Your mileage may vary.

> [ldap] expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) ->
> (sAMAccountName=CORP\5caschappell)
> [ldap] expand: dc=corp,dc=clearedgeit,dc=com ->
> dc=corp,dc=clearedgeit,dc=com
>    [ldap] ldap_get_conn: Checking Id: 0
>    [ldap] ldap_get_conn: Got Id: 0
>    [ldap] performing search in dc=corp,dc=clearedgeit,dc=com, with filter
> (sAMAccountName=CORP\5caschappell)
>    [ldap] object not found

Why the hell did you enter the user name with NETBIOS domain prefix?

FreeRADIUS is *not* a typical Windows component using the 
Windows-CrackNames-API. So just enter "aschappell" (without the quotes) as 
user name.

Sorry, you should try to read more of the numerous public how-tos describing 
how to attach FreeRADIUS to MS AD and analyze which mechs are used.

(I'm also rather a FreeRADIUS beginner and I read many of those how-tos recently.)

Ciao, Michael.
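
Added example, not part of the original message and not FreeRADIUS code: the \5c in the logged filter is the RFC 4515 escape for the backslash in "CORP\aschappell", so the search looks for an account literally named with the domain prefix. The Python sketch below reproduces that filter and the one built after stripping the prefix; the function names and the one-entry directory are hypothetical and constructed for illustration.

```python
import re

# RFC 4515 section 3: characters that must be written as \XX in a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a user-supplied string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def unescape_filter_value(value):
    """Reverse the \\XX escaping, as a directory server does before comparing."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def strip_netbios_prefix(user_name):
    """Return the account part of DOMAIN\\account; other names pass through."""
    domain, sep, account = user_name.partition("\\")
    return account if sep and account else user_name

def build_filter(user_name, strip_prefix, attribute="sAMAccountName"):
    """Build the (attribute=value) search filter for the given login name."""
    name = strip_netbios_prefix(user_name) if strip_prefix else user_name
    return "(%s=%s)" % (attribute, escape_filter_value(name))

def search(directory, ldap_filter):
    """Tiny stand-in for an LDAP equality search over a list of dict entries."""
    match = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
    if match is None:
        raise ValueError("only simple (attr=value) filters are supported")
    attribute, wanted = match.group(1), unescape_filter_value(match.group(2))
    return [entry for entry in directory if entry.get(attribute) == wanted]

# Constructed sample entry; the DN layout below the base DN is an assumption.
DIRECTORY = [{"dn": "cn=aschappell,dc=corp,dc=clearedgeit,dc=com",
              "sAMAccountName": "aschappell"}]

if __name__ == "__main__":
    for strip in (False, True):
        f = build_filter("CORP\\aschappell", strip_prefix=strip)
        print(f, "->", search(DIRECTORY, f) or "object not found")
```

The same escaping is what keeps characters such as * and ( in a user name from changing the meaning of the filter.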


More information about the Freeradius-Users mailing list