AD Authentication via python module eventually fails

Alan DeKok aland at
Thu Oct 3 00:17:15 CEST 2019

On Oct 2, 2019, at 5:39 PM, Orestes Leal Rodríguez <olealrd1981 at> wrote:
> I mentioned in the other email it was the boss' decision. I cannot do
> anything if he doesn't want to do it another way (I suggested going
> through ntlm_auth but it was not chosen).

  So he's making decisions which break the corporate infrastructure?


> The script just imports the ldap module, binds to a GC server to
> fulfill the authentication requests and returns false if the password
> is incorrect or the account is not found, or true if the auth was
> correct.

  FreeRADIUS can do this with the native LDAP module.  You don't need to do ntlm_auth.

> We have two backend domains so that was the reason it was
> done this way (although I had an alternative doing the same using
> ntlm_auth).

  FreeRADIUS can use two LDAP modules, one for each back-end domain.

  It's simpler, faster, more standard, and it *works*.

  I'd say tell your boss that he's wrong, but I'm sure he already knows that.

  Alan DeKok.
