Active Directory - FreeRADIUS returns reject when ntlm_auth returns NT_KEY

Arran Cudbard-Bell a.cudbardb at
Sun Sep 27 00:16:59 CEST 2015

> On 26 Sep 2015, at 17:28, Matthew Newton <mcn4 at LEICESTER.AC.UK> wrote:
> On Sat, Sep 26, 2015 at 09:18:39AM +0100, Alan Buxey wrote:
>> Permissions on the winbind_privileged directory? radiusd (or
>> whatever you run the process as ) part of the wbpriv group?
> This. Try running ntlm_auth as the same user FR is running as to
> test. Though I'm slightly surprised if it is this that you get a
> login failure rather than some permissions error.
> What version of Samba? If >=4.2.1 you can now ditch ntlm_auth
> altogether :-)

Mmm, and although debian/ubuntu don't ship 4.2.1, the samba guys provide their own debian repo which you can use to upgrade.

Same with RHEL/Centos IIRC.


Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list