Freeradius + AD authentication passing Domain+User

Alan DeKok aland at
Thu Jun 15 19:05:31 CEST 2017

> On Jun 15, 2017, at 12:22 PM, Alejandro Cabrera Obed <aco1967 at> wrote:
> Dear, we have a Freeradius 2.2.5 server in order to authenticate WiFi users
> from cell phones and notebooks.
> In the case of cell phones, the users type the corresponding usernames and
> passwords and after that Freeradius passes it to the AD and everything
> works OK.

  That's good.

> In the case of the notebooks, the Windows users are logged into our DC
> domain, then they type the username or username at domain or domain\username
> with the corresponding passwords but in theses cases they can't
> authenticate against the AD (there is a reject message in the Freradius
> log).

  So... what is the reject message?

  Please post the full debug output as suggested in the FAQ, "man" pages, wiki, and daily on this list.

> In case they are not logged into the domain, and they are local users
> in the notebooks, if they type just their usernames (without domain) they
> authenticate OK.

  That's good.

> So how can I authenticate Windows users against the AD when they are logged
> into the domain??? Do I have to define a special directive in a config file
> from freeradius, winbind or samba?

  It's not magic.  But it DOES require that you read the debug output.

  Alan DeKok.

More information about the Freeradius-Users mailing list