wireless+freeradius+AD

King, Michael MKing at bridgew.edu
Mon Nov 21 15:50:15 CET 2005


 
> Oh, excellent. I just joined this list hoping to query the 
> members on finding more information on doing 
> wireless+activedirectory+freeradius,
> unfortunately I could not find any good postings, or web 
> toots/examples.

Hi Robin, Welcome to the club.


> I would need to use Microsoft IAS. Is this false?
Yes, that particular example used Microsoft IAS, but it is not
required.


> Are people 
> using Active Directory successfully?
Yes.  Besides myself, there are many people on this list that are.

> I have a linux box that 
> is currently acting as a tacacs server while authenticating 
> using winbind etc, and was hoping to make it a radius server as well.

You are already 3/4 of the way there, since the trickiest part of my
freeradius setup was getting winbind to talk to Active Directory.

Depending on your Linux distribution, you will just have to install
freeradius.  (Some distributions like Debian require a -disable-shared)

Go through the radiusd.conf and the eap.conf files; it's clearly commented
on what you need to configure.

You'll see a section marked:
ntlm_auth = "/path/to/ntlm_auth ........(Trimmed)

You might need to modify this to:
ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

Don't hesitate to ask questions.  There is a good Howto (unfortunately, I
don't have my bookmarks with me) but some others on the list hopefully
will post it.
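
Added example, not part of the original post or of FreeRADIUS: a small check for the ntlm_auth setting discussed above, which flags a missing option or a value that was broken across lines when pasted from mail. The function name and sample configs are constructed for illustration, and it assumes the setting is written on a single line.

```python
import re

# Options used by the ntlm_auth line quoted in the post above.
REQUIRED = ("--request-nt-key", "--username=", "--challenge=", "--nt-response=")

def check_ntlm_auth(conf_text):
    """Return a list of problems with the first active ntlm_auth setting."""
    for num, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            continue  # commented-out default, not active
        m = re.match(r'ntlm_auth\s*=\s*(.*)$', line)
        if not m:
            continue
        value = m.group(1)
        # The value must open and close its quotes on this same line.
        if not (value.startswith('"') and value.endswith('"')
                and value.count('"') == 2):
            return ["line %d: value is not a single quoted string "
                    "(wrapped when pasted?)" % num]
        return ["line %d: missing %s" % (num, opt)
                for opt in REQUIRED if opt not in value]
    return ["no active ntlm_auth setting found"]

# Constructed samples (not taken from a real server).
ARGS = ("--username=%{mschap:User-Name} --domain=%{mschap:NT-Domain} "
        "--challenge=%{mschap:Challenge:-00} "
        "--nt-response=%{mschap:NT-Response:-00}")
GOOD = 'mschap {\n  ntlm_auth = "/path/to/ntlm_auth --request-nt-key ' + ARGS + '"\n}\n'
NO_KEY = 'mschap {\n  ntlm_auth = "/path/to/ntlm_auth ' + ARGS + '"\n}\n'
WRAPPED = ('mschap {\n  ntlm_auth = "/path/to/ntlm_auth --request-nt-key\n'
           '  ' + ARGS + '"\n}\n')
COMMENTED = 'mschap {\n  #ntlm_auth = "/path/to/ntlm_auth"\n}\n'

if __name__ == "__main__":
    for name, conf in [("GOOD", GOOD), ("NO_KEY", NO_KEY),
                       ("WRAPPED", WRAPPED), ("COMMENTED", COMMENTED)]:
        print(name, check_ntlm_auth(conf) or "ok")
```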



