default authentication via windows active directory LDAP instead of /users

Stefan Paetow Stefan.Paetow at
Wed Mar 8 17:49:47 CET 2017

> <>
> wiki links to this article) states that eap.conf (/freeradius/eap.conf in
> my case) that nothing has to be changed in eap.conf if you use Microsoft

And you shouldn't have to either. When you read such pages, consider that those pages were written for *that specific company*, *NOT* as a general reference for others. The page in question specifically says that it is for the 'bind-as-user' case in FreeRADIUS 3.0 (in which the LDAP module connects as the given user with the given password and considers that a successful authentication), but that this is limited to using EAP-TTLS with PAP.

If you are not using FreeRADIUS 3.0, then chances are that you would get the failures you described.

The page also comes with a big fat warning that says that changes in the LDAP module may render the advice inaccurate.

I should know... I wrote that page in 2014 when I had to consider using bind-as-user as a method of authentication.

Stefan Paetow
Moonshot Industry & Research Liaison Coordinator

t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at
skype: stefan.paetow.janet

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP
URL: <>

More information about the Freeradius-Users mailing list