tingel

Problem with FreeRADIUS connected to AD

Hello,

I have a problem with my FreeRADIUS configuration.
Tests with NTRadPing and with "radtest" work, as does ntlm_auth from the console.
What does not work is user login when connecting through an access point.

Here are the logs from "freeradius -X":
NTRadPing

Going to the next request
Waking up in 0.3 seconds.
Cleaning up request 4 ID 5 with timestamp +106
Waking up in 3.2 seconds.
rad_recv: Access-Request packet from host <IP> port 62659, id=8, length=43
User-Name = "User"
User-Password = "Password"
  1. Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "User", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
++- entering policy ntlm_auth.authorize {...}
+++? if (!control:Auth-Type && User-Password)
? Evaluating !(control:Auth-Type ) -> TRUE
? Evaluating (User-Password) -> TRUE
+++? if (!control:Auth-Type && User-Password) -> TRUE
+++- entering if (!control:Auth-Type && User-Password) {...}
[control] returns noop
+++- if (!control:Auth-Type && User-Password) returns noop
++- policy ntlm_auth.authorize returns noop
Found Auth-Type = ntlm_auth
  1. Executing group from file /etc/freeradius/sites-enabled/default
+- entering group ntlm_auth {...}
[ntlm_auth] expand: --username=%{mschap:User-Name} -> --username=User
[ntlm_auth] expand: --password=%{User-Password} -> --password=Password
Exec-Program output: NT_STATUS_OK: Success (0x0)
Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0)
Exec-Program: returned: 0
++[ntlm_auth] returns ok
  1. Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 8 to 10.0.1.165 port 62659
Finished request 7.
Going to the next request
Waking up in 1.8 seconds.
Cleaning up request 5 ID 6 with timestamp +110
Waking up in 1.3 seconds.
Cleaning up request 6 ID 7 with timestamp +111
Waking up in 1.7 seconds.
Cleaning up request 7 ID 8 with timestamp +113
Ready to process requests.


radtest

Going to the next request
Waking up in 1.8 seconds.
Cleaning up request 5 ID 6 with timestamp +110
Waking up in 1.3 seconds.
Cleaning up request 6 ID 7 with timestamp +111
Waking up in 1.7 seconds.
Cleaning up request 7 ID 8 with timestamp +113
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 53165, id=31, length=73
User-Name = "User"
User-Password = "Password"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0xb1a874926be72970d32e52a65ff5e1b8
  1. Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "User", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
++- entering policy ntlm_auth.authorize {...}
+++? if (!control:Auth-Type && User-Password)
? Evaluating !(control:Auth-Type ) -> TRUE
? Evaluating (User-Password) -> TRUE
+++? if (!control:Auth-Type && User-Password) -> TRUE
+++- entering if (!control:Auth-Type && User-Password) {...}
[control] returns noop
+++- if (!control:Auth-Type && User-Password) returns noop
++- policy ntlm_auth.authorize returns noop
Found Auth-Type = ntlm_auth
  1. Executing group from file /etc/freeradius/sites-enabled/default
+- entering group ntlm_auth {...}
[ntlm_auth] expand: --username=%{mschap:User-Name} -> --username=User
[ntlm_auth] expand: --password=%{User-Password} -> --password=Password
Exec-Program output: NT_STATUS_OK: Success (0x0)
Exec-Program-Wait: plaintext: NT_STATUS_OK: Success (0x0)
Exec-Program: returned: 0
++[ntlm_auth] returns ok
  1. Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 31 to 127.0.0.1 port 53165
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.


radtest

Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 8 ID 31 with timestamp +166
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 33125, id=28, length=129
User-Name = "<User>"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0xd9bd228def8ce72c3c9a1db8bbc0c71c
MS-CHAP-Challenge = 0x9211cf203effcf6e
MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000212f163d158bed24d7a55fe5bce31da32ff9dde32c64f1f0
  1. Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "User", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
++- entering policy ntlm_auth.authorize {...}
+++? if (!control:Auth-Type && User-Password)
? Evaluating !(control:Auth-Type ) -> FALSE
? Skipping (User-Password)
+++? if (!control:Auth-Type && User-Password) -> FALSE
++- policy ntlm_auth.authorize returns noop
Found Auth-Type = MSCHAP
  1. Executing group from file /etc/freeradius/sites-enabled/default
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv1 with NT-Password
[mschap] expand: --username=%{mschap:User-Name:-None} -> --username=User
[mschap] No NT-Domain was found in the User-Name.
[mschap] expand: %{mschap:NT-Domain} ->
[mschap] ... expanding second conditional
[mschap] expand: --domain=%{%{mschap:NT-Domain}:-DOMAIN} -> --domain=DOMAIN
[mschap] mschap1: 92
[mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=9211cf203effcf6e
[mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=212f163d158bed24d7a55fe5bce31da32ff9dde32c64f1f0
Exec-Program output: NT_KEY: 9E41CC913E3A0FF58DE47D891F829D3D
Exec-Program-Wait: plaintext: NT_KEY: 9E41CC913E3A0FF58DE47D891F829D3D
Exec-Program: returned: 0
[mschap] adding MS-CHAPv1 MPPE keys
++[mschap] returns ok
  1. Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 28 to 127.0.0.1 port 33125
MS-CHAP-MPPE-Keys = 0x00000000000000009e41cc913e3a0ff58de47d891f829d3d0000000000000000
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.


Connection via the access point

Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 9 ID 28 with timestamp +188
Ready to process requests.
rad_recv: Access-Request packet from host IP_AP port 2048, id=6, length=147
User-Name = "User"
NAS-IP-Address = IP_AP
NAS-Port = 0
Called-Station-Id = "B0-48-7A-CE-4F-89:WLAN-Test"
Calling-Station-Id = "00-13-CE-C8-89-8A"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x020100080165736a
Message-Authenticator = 0xb5fcb781b8baf1e6a08277d2053f77f8
  1. Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "User", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
++- entering policy ntlm_auth.authorize {...}
+++? if (!control:Auth-Type && User-Password)
? Evaluating !(control:Auth-Type ) -> TRUE
? Evaluating (User-Password) -> FALSE
+++? if (!control:Auth-Type && User-Password) -> FALSE
++- policy ntlm_auth.authorize returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
  1. Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
++- group REJECT returns noop
Delaying reject of request 10 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 10
Sending Access-Reject of id 6 to 172.16.50.11 port 2048
Waking up in 4.9 seconds.


What could be the cause?

Url: https://administrator.de/contentid/268788
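In the three excerpts above, the requests that succeed carry either User-Password (handled via the ntlm_auth policy) or MS-CHAP-Response (handled by the mschap module), while the request from the access point carries only an EAP-Message attribute, and the authorize section that runs for it (chap, mschap, digest, suffix, files, expiration, logintime, pap, the ntlm_auth policy) contains no module that handles EAP, which is why "No authenticate method (Auth-Type) found" appears and the user is rejected. The following Python script is an added example, not code from the post or from FreeRADIUS: it splits a `freeradius -X` excerpt into requests, records which credential attribute each one carries and which `++[module]` lines ran, decodes the EAP header of an EAP-Message, and reports any request that ended without an Auth-Type. The sample log is a constructed condensation of the post's excerpts with placeholder values, and the mapping from credential attribute to handling module (`METHOD_BY_ATTRIBUTE`) is my own classification, not a FreeRADIUS table.

```python
import re

RECV_RE = re.compile(r"^rad_recv: (\S+) packet from host (\S+) port (\d+), id=(\d+)")
ATTR_RE = re.compile(r"^\s*([A-Za-z][\w-]*) = (.*)$")
MODULE_RE = re.compile(r"^\+\+\[(\w+)\] returns (\w+)")
AUTH_TYPE_RE = re.compile(r"^Found Auth-Type = (\S+)")

# Assumed classification: credential attribute, label, and the authorize module that
# normally turns it into an Auth-Type (for User-Password a policy such as the post's
# ntlm_auth may do so instead, so the "Found Auth-Type" line is what gets checked).
METHOD_BY_ATTRIBUTE = [
    ("EAP-Message", "EAP", "eap"),
    ("MS-CHAP2-Response", "MS-CHAPv2", "mschap"),
    ("MS-CHAP-Response", "MS-CHAPv1", "mschap"),
    ("User-Password", "PAP (plaintext)", "pap"),
]
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}

# Constructed sample, condensed from the shape of the post's excerpts; placeholder values.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 127.0.0.1 port 53165, id=31, length=73
User-Name = "User"
User-Password = "Password"
++[mschap] returns noop
++[pap] returns noop
Found Auth-Type = ntlm_auth
Sending Access-Accept of id 31 to 127.0.0.1 port 53165
rad_recv: Access-Request packet from host 127.0.0.1 port 33125, id=28, length=129
User-Name = "User"
MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000aabbccdd
++[mschap] returns ok
++[pap] returns noop
Found Auth-Type = MSCHAP
Sending Access-Accept of id 28 to 127.0.0.1 port 33125
rad_recv: Access-Request packet from host 172.16.50.11 port 2048, id=6, length=147
User-Name = "User"
EAP-Message = 0x020100080165736a
++[mschap] returns noop
++[pap] returns noop
Sending Access-Reject of id 6 to 172.16.50.11 port 2048
"""

def parse_debug_log(text):
    """Split the output at each rad_recv line; collect attributes, module results, Auth-Type, reply."""
    requests, cur = [], None
    for line in text.splitlines():
        if m := RECV_RE.match(line):
            cur = {"client": m.group(2), "id": m.group(4), "attributes": {},
                   "modules": {}, "auth_type": None, "outcome": None}
            requests.append(cur)
        elif cur is None:
            continue                                    # chatter before the first request
        elif m := MODULE_RE.match(line):
            cur["modules"][m.group(1)] = m.group(2)
        elif m := AUTH_TYPE_RE.match(line):
            cur["auth_type"] = m.group(1)
        elif line.startswith("Sending Access-"):
            cur["outcome"] = line.split()[1]
        elif (m := ATTR_RE.match(line)) and not cur["modules"]:
            cur["attributes"][m.group(1)] = m.group(2)  # request attributes precede module runs
    return requests

def decode_eap_message(value):
    """Decode the RFC 3748 EAP header from a hex-dumped EAP-Message attribute."""
    raw = bytes.fromhex(value[2:] if value.startswith("0x") else value)
    if len(raw) < 4:
        raise ValueError("EAP header needs at least 4 bytes")
    code, length = raw[0], int.from_bytes(raw[2:4], "big")
    out = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": raw[1], "length": length}
    if code in (1, 2) and len(raw) >= 5:                # Request/Response carry a type byte
        out["type"] = EAP_TYPES.get(raw[4], f"unknown({raw[4]})")
        out["data"] = raw[5:length]
    return out

def diagnose(req):
    """Name the credential form offered and whether its handler produced an Auth-Type."""
    r = {"id": req["id"], "client": req["client"], "auth_type": req["auth_type"],
         "outcome": req["outcome"], "method": "none", "handler_module": None,
         "handler_ran": False, "finding": "no credential attribute in request"}
    for attribute, method, module in METHOD_BY_ATTRIBUTE:
        if attribute not in req["attributes"]:
            continue
        r.update(method=method, handler_module=module,
                 handler_ran=module in req["modules"], finding=None)
        if method == "EAP":
            r["eap"] = decode_eap_message(req["attributes"][attribute])
        if req["auth_type"] is None and not r["handler_ran"]:
            r["finding"] = (f"{attribute} present but module '{module}' never ran in "
                            f"authorize, so no Auth-Type was set")
        elif req["auth_type"] is None:
            r["finding"] = f"module '{module}' ran but set no Auth-Type; check its config"
        break
    return r

def analyze(text):
    """Diagnose every request in a freeradius -X excerpt."""
    return [diagnose(req) for req in parse_debug_log(text)]
```

Run it on a saved debug capture with `analyze(open(path).read())`. For the sample, the first two requests report no finding, while the access-point request reports that EAP-Message was present but the `eap` module never ran, and its decoded header shows an EAP Response of type Identity, i.e. the NAS is starting an EAP exchange rather than sending a password.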

Member: 119944
119944 Apr 10, 2015 at 11:46:47 (UTC)
Hi,

Do you already know this guide?
Ubuntu 14.04 - 16.04 - 18.04 - 20.04 LTS Server - FreeRADIUS with AD integration

If I were you, I would first compare the configs.

Best regards
Val
Member: tingel
tingel Apr 10, 2015 at 12:03:39 (UTC)
Thanks for the link.
However, it is supposed to be configured without certificates, I forgot to mention that.
Member: aqui
Solution aqui Apr 10, 2015, updated at May 15, 2023 at 14:26:14 (UTC)
Here you will find a ready-to-type FreeRADIUS config that guarantees watertight operation with AD:
Network management server with Raspberry Pi
Or also here:
FreeRADIUS management with a web GUI

Basics, as always, here:
Network access control with 802.1x and FreeRADIUS on a LAN switch