FreeRADIUS + Microsoft Active Directory

Caines, Max Max.Caines at
Thu Jun 8 10:43:38 CEST 2017


There are basically three ways FreeRadius can authenticate against AD:

1. Using LDAP. This is unlikely to work except in special circumstances, as AD does not by default make the password available in any attribute FreeRadius can read. In addition, unless your AD has very weak security, you will need credentials to read entries using LDAP.
2. Using Samba or Winbind (which is part of Samba). This involves the FR server becoming a member of the AD domain. You will need credentials to carry out that step, though once the relationship exists, you won't need them again.
3. By proxying the incoming RADIUS requests that require authentication to a Microsoft NPS server. NPS is Microsoft's RADIUS implementation, but it's much less flexible that FR. It also has some eccentricities, and doesn't stick to the standards very well, but we, like (I think) a few other UK universities, are currently using it for this. That doesn't require any credentials, but it does require a Windows server running NPS

Hope that helps


-----Original Message-----
From: Freeradius-Users [ at] On Behalf Of Amir Kalhori
Sent: 07 June 2017 16:35
To: freeradius-users at
Subject: FreeRADIUS + Microsoft Active Directory


Is it possible integrate FreeRADIUS 3.x and Microsoft Active Directory without any active directory credential ?

Best Regards,

List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list