FreeRADIUS 3 and Expired AD Passwords for Wireless Auth

Alan DeKok aland at
Fri Jan 26 20:49:43 CET 2018

On Jan 26, 2018, at 12:34 PM, Trinklein, Jason R <trinkleinj at> wrote:
> We are using FR3 for WPA2 Enterprise authentication to our wireless network.
> We have been having issues with various user devices not prompting for new passwords after the old one expires in AD. Instead, the user simply gets a message that they are “unable to connect to network”. This requires the user to remove the network from their device and re-associate. Sometimes in Windows, the user must delete and reinstall the wireless adapter.

  Do you have the mschap module configured to allow password changes?

> I’m unsure if there is something wrong with our FreeRADIUS configuration that is improperly communicating the nature of the authentication failure to the user devices. Does anyone have any suggestions? We are running FreeRADIUS 3 on Ubuntu with winbind (not ntlm_auth) connections to our Active Directory server. It may have nothing to do with our FR3 servers…is anyone else facing similar password expiration challenges?

  I haven't seen any issues reported.

  Alan DeKok.

More information about the Freeradius-Users mailing list