AD authorization with LDAP module? Mix with other methods necessary?

uj2.hahn at uj2.hahn at
Wed Jan 22 08:10:58 CET 2020

I have another general question.
I have a running freeradius instance on Ubuntu for authorization against 
Windows AD, based on ntlm_auth.
But to get more group depended post-auth capabilities I thought I can 
switch to LDAP module.
I tested that in a test installation with OpenLDAP (instead of AD) and 
it worked fine.
But now I was going to rollout this method to AD and failed to check the 
good password.
Of course I'm aware that OpenLDAP and AD handles passwords differently 
so the surprise was not too big.

So my questions are:
- can I mix ntlm_auth for authorization and LDAP to do some group 
depended post-auth actions?
- is that needed at all and there are ways to run LDAP only (in that 
case I probably did something
   wrong so far)?


More information about the Freeradius-Users mailing list