Deploying FreeRadius against Active Directory

Alan DeKok aland at
Fri Mar 1 13:49:20 CET 2019

On Mar 1, 2019, at 1:43 AM, Mathieu Simon (Lists) <matsimon.lists at> wrote:
> The guide should still work as is, nothing has dramatically changed that
> I could spot.

  Yes.  I check it occasionally against new releases of Samba.

> Unless wbinfo and ntlm_auth from Samba do work as
> indicated there, you likely will have to debug Samba and the domain join
> on the Samba side before looking more closely into FreeRADIUS.

  That really is the critical thing.  The major problem people run into is the following kind of question:

Q:  "I changed six things by following a guide, and it didn't work.  What's wrong?"

A: "Damned if I know."

  That's why my guide is split into many short pieces.  The goal is to get people to do one step at a time.  If that step doesn't work... don't go to the next step.

> TL;DR: Try to identify where you are running into issues - is it Samba
> or FreeRADIUS at first?


Q:  "Stuff is wrong.  What do I change?"

A: "Other stuff?"

  Most people don't know this, but my background is nuclear physics.  I had a methodical approach pretty much beaten into my (and the other grad students) by the professors.  That approach is really the only way to solve complex problems.

  Alan DeKok.

More information about the Freeradius-Users mailing list