Help authenticating to Active Directory

Alan DeKok aland at
Sun Sep 3 19:23:59 CEST 2017

On Sep 3, 2017, at 1:12 PM, Jarett DeAngelis <jarett at> wrote:
> I am trying to set up FreeRADIUS such that it can authenticate users for OpenVPN via Active Directory and pass a challenge back for a one-time passcode for two-factor authentication. Step one is getting AD authentication working, which appears to work fine when I do an ntlm_auth check except that FreeRADIUS denies the login. Can someone help me figure out what I’m doing wrong?

  Follow my guide:

  It will work.

> Here is a log of a radtest login:
> +group authorize {
> ++[preprocess] = ok
> [ntlm_auth] 	expand: --username=%{mschap:User-Name} -> --username=fakeuser
> [ntlm_auth] 	expand: --password=%{User-Password} -> --password=fakepassword
> Exec output: NT_STATUS_OK: Success (0x0) 
> Exec plaintext: NT_STATUS_OK: Success (0x0) 
> [ntlm_auth] Exec: program returned: 0

  That's nice, but it doesn't tell the server that the user has been authenticated.

> ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
> Failed to authenticate the user.

  That should tell you something's wrong.

  Follow the guide.  It will work.

  Alan DeKok.

More information about the Freeradius-Users mailing list