Active Directory Integration with FreeRADIUS - NTLM_Auth
Michael Griego
mgriego at utdallas.edu
Mon Jun 19 18:55:11 CEST 2006
If you're using AD, plaintext (PAP) authentication, and are wanting
to restrict the users to a certain OU, you should probably use the
rlm_ldap module. That way you can set the base search DN to your
Cisco Admins OU. It'll probably be a little easier to use and set
up, too, than the Kerberos module.
--Mike
On Jun 19, 2006, at 11:12 AM, Doug White wrote:
> Alan,
>
> Thanks for your reply. Is the plain text kerberos check
> something that gets configured in the radiusd.conf file? I was
> hoping to create a OU in AD called Cisco Admins and then have
> FreeRADIUS authenticate against those user names and passwords. I
> was told in another post that according to the radiusd -X output
> FreeRADIUS was attempting to check another location where no user
> names or passwords were setup.
>
> Thanks again,
>
> Doug
>
>
> -----Original Message-----
> From: freeradius-users-bounces
> +dwhite=infosysnetworks.com at lists.freeradius.org on behalf of
> A.L.M.Buxey at lboro.ac.uk
> Sent: Fri 6/16/2006 1:25 PM
> To: FreeRadius users mailing list
> Subject: Re: Active Directory Integration with FreeRADIUS - NTLM_Auth
>
> hi,
>
> the guide you are following - using ntlm_auth against AD, binding into
> AD etc is really geared up for doing EAP (PEAP MSCHAPv2 in particular)
> what _you_ are attempting to do with RADIUS for login authentication
> of the cisco switches/routers involves plaintext passwords...int his
> case you'd want to use a kerberos check against your AD instead
>
> alan
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/
> users.html
>
> <winmail.dat>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/
> users.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6184 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060619/86a0841f/attachment.bin>
More information about the Freeradius-Users
mailing list