Authenticating Against a Trusted Domain

Josh josh2780 at yahoo.com
Wed Jul 19 19:34:05 CEST 2006


Yes, "anotherdomain" is an AD domain; however, my
freeradius server can only talk to "ourdomain".
ourdomain has a trust with anotherdomain and can pass
Windows authentication (file shares, etc.) over the
trust for authentication.

Is it possible to authenticate "anotherdomain" users
via LDAP from the freeradius server by piping the auth
requests through "mydomain" (which should then, as
Windows does, recognize the domain from
"anotherdomain\username" and send the auth request up
the trust)?

I'm obviously formulating the wrong LDAP queries. But
if this isn't even possible I won't bother spinning in
circles.

Josh


--- Phil Mayers <p.mayers at imperial.ac.uk> wrote:

> Josh wrote:
> > 
> > I haven't been successful with using Samba (which is
> > connected to ourdomain)... I can get Samba to
> 
> You didn't specify what authentication type you're trying to get
> working. I suspect you're trying to use PEAP-MSCHAP for wireless, yes?
> 
> There have been posts in the last few days about this - it seems that a
> Samba server may be able to do cross-realm fileshare or plaintext auth,
> but not cross-realm MS-CHAP. This may depend on settings on one or both
> ends, or may be more fundamental - it's been long enough since I've been
> involved in Windows domain protocols that I can't tell.
> 
> What errors are you getting, and what is your configuration?
> 
> > authenticate users on ourdomain but not the trusted
> > anotherdomain. I figured I would give LDAP a try but
> > can't find any documentation on the correct LDAP
> > requests for freeradius.
> > 
> 
> LDAP to a "real" AD domain (which I assume "anotherdomain" is) is only
> useful if you want to answer PAP requests.
> 
> What part of the extensively commented ldap stanza in radiusd.conf or
> the doc/rlm_ldap file is unclear?