Is Radius Authorization bound to Radius Authentication?

little-nemo at little-nemo at
Fri Sep 8 11:52:31 UTC 2023

Dear members,
I managed to autenticate users through MschapV2/ntlm_auth vs Active Directory (reference#1, reference#2 Freeradius version: 3.0.21.
Then I read "Authentication systems and protocol compatibility" and "Authenticating Users with LDAP", so now I wonder whether I could also use LDAP(S) for the Authorization phase-only.

The doubt comes from the presence of the "identity" in mods-available/ldap.
Is that Identity used for the binding to AD? I guess so.
Thus, username/password of the user trying to authenticate are not involved in the LDAP binding. Am I wrong?
Is it worth to spend additional time to study how to setup LDAP Authorization? The primary goal is to read group membership but in future other needs may arise.

Thanks in advance for your time.


More information about the Freeradius-Users mailing list