FreeRADIUS authentication using Active Directory

Question

I am trying to implement RADIUS authentication using Active Directory. I want requests to RADIUS to be sent to AD server and RADIUS responds according to its result.

I've already joined RADIUS server to domain, so I can do
ntlm_auth --request-nt-key --domain=MYDOMAIN --username=user --password=password
and it works.

Now I am trying to make FreeRADIUS use ntlm_auth according to this manual, but after adding

DEFAULT     Auth-Type = ntlm_auth

to users file radiusd doesn't start. Without it radiusd starts but doesn't authenticate using AD.

Error when radiusd not starting:

/etc/raddb/mods-config/files/authorize[1]: Parse error (check) for entry DEFAULT: Unknown value 'ntlm_auth' for attribute 'Auth-Type'
Failed reading /etc/raddb/mods-config/files/authorize
/etc/raddb/mods-enabled/files[9]: Instantiation failed for module "files"

I am using FreeRADIUS 3.0.4, CentOS 7.2

How to make FreeRADIUS to proxy authentication requests to Active Directory?

Are you unaware that Windows includes its own RADIUS server? — Michael Hampton, Dec 10 '16 at 17:17
Now I am aware and will try this way. But is the way I described impossible? — Tatyana, Dec 10 '16 at 17:36
It might be possible. But it will certainly be much easier to use Windows NPS, especially if most of the users are using Windows. — Michael Hampton, Dec 10 '16 at 17:39

FreeRADIUS authentication using Active Directory

0 Answers0