Hi all,
Happy New Year 2017 to everyone!!
We have FreeRADIUS V3 running on an Ubuntu server. The server is installed and configured with integration to
Active Directory, running Server 2008. Our FreeRADIUS allows AD users with Mac, Ubuntu,
and Win Desktop to log in to the WiFi (Cisco OS) using AD accounts.
I need to configure our FreeRADIUS on all switches & routers so that login will be carried out via
the AD account instead of a local user, in the same way that users connect today to the Cisco wireless.
I went through a lot of guides and tutorials, and it just refuses to work.
I enclose the findings I have gathered so far from FreeRADIUS:
* When running “wbinfo -u | grep user” I'm able to get the AD User.
* Running: "ntlm_auth --request-nt-key --domain=MY.ACTUAL.DOMAIN --username=username"
Returns: Password: NT_STATUS_OK: Success (0x0)
* When adding the Cisco 2960 switch to the clients file with user & password in cleartext, I’m able to log in to the switch successfully.
* Running a radtest check against an AD user, i.e.: “radtest AD_User passwd 127.0.0.1 1812 secretkey”
Returns: “Expected Access-Accept got Access-Reject”
* When running FreeRADIUS in debug via freeradius -X and attempting to log in to the Cisco,
the errors below are recorded on the log screen:
- ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject
- mschap: ERROR: MS-CHAP2-Response is incorrect
- MS-CHAP-Error = "\010E=691 R=1 C=06969570e488834b8cefb2ec3e748b81 V=3 M=Authentication failed"
- ERROR: Failed continuing EAP PEAP (25) session. EAP sub-module failed
- pap: WARNING: No "known good" password found for the user. Not setting Auth-Type
- pap: WARNING: Authentication will fail unless a "known good" password is available
At this point, I have really run out of ideas. What am I missing, in which configuration file,
and what needs to be added / changed to make it work?
I greatly appreciate any help here, guys.