Re: Active Directory Integration with FreeRADIUS - NTLM_Auth



If you're using AD, plaintext (PAP) authentication, and are wanting to restrict the users to a certain OU, you should probably use the rlm_ldap module. That way you can set the base search DN to your Cisco Admins OU. It'll probably be a little easier to use and set up, too, than the Kerberos module.

--Mike

On Jun 19, 2006, at 11:12 AM, Doug White wrote:

Alan,

Thanks for your reply. Is the plain text Kerberos check something that gets configured in the radiusd.conf file? I was hoping to create an OU in AD called Cisco Admins and then have FreeRADIUS authenticate against those user names and passwords. I was told in another post that according to the radiusd -X output FreeRADIUS was attempting to check another location where no user names or passwords were set up.

Thanks again,

Doug


-----Original Message-----
From: freeradius-users-bounces +dwhite=infosysnetworks.com@lists.freeradius.org on behalf of A.L.M.Buxey@lboro.ac.uk
Sent: Fri 6/16/2006 1:25 PM
To: FreeRadius users mailing list
Subject: Re: Active Directory Integration with FreeRADIUS - NTLM_Auth

hi,

the guide you are following - using ntlm_auth against AD, binding into
AD etc is really geared up for doing EAP (PEAP MSCHAPv2 in particular)
what _you_ are attempting to do with RADIUS for login authentication
of the cisco switches/routers involves plaintext passwords...in this
case you'd want to use a kerberos check against your AD instead

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

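The rlm_ldap approach suggested at the top of this thread, sketched as an added example that is not from the original messages or the FreeRADIUS distribution. It assumes FreeRADIUS 1.x-style radiusd.conf syntax and that requests are given Auth-Type LDAP (for example through the users file); every host name, DN, path and credential is a constructed placeholder.

```conf
# radiusd.conf fragment (constructed example; all values are placeholders)
modules {
    ldap {
        server   = "dc1.example.com"

        # AD normally refuses anonymous searches, so look users up with a
        # low-privilege service account.
        identity = "cn=radius-lookup,ou=Service Accounts,dc=example,dc=com"
        password = "CHANGE_ME"

        # Only entries under this OU can be found by the search,
        # so only those accounts can authenticate.
        basedn   = "ou=Cisco Admins,dc=example,dc=com"

        # AD keeps the logon name in sAMAccountName.
        filter   = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"

        # The PAP password is checked by binding to AD as the user, so
        # encrypt that hop and verify the domain controller's certificate.
        start_tls        = yes
        tls_cacertfile   = /etc/raddb/certs/ad-ca.pem
        tls_require_cert = "demand"
    }
}

authorize {
    preprocess
    ldap
}

authenticate {
    # Assumption: Auth-Type is set to LDAP for these logins.
    Auth-Type LDAP {
        ldap
    }
}
```

Running radiusd -X with this in place shows the search base and filter used for each login, which makes it easy to confirm that lookups stay inside the intended OU.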