win2003 Active Directory authentication
Chris Liles
Chris.Liles at air2web.com
Mon May 8 18:40:38 CEST 2006
Yes, you can use the ldap module of freeradius to hit your AD; I am doing this now.
Yes, you can do ssl/tls for encryption between the radius server and AD.
Windows server 2000 does not support tls, only ssl.
It is similar to setting up mm_mod_auth_ldap for apache.
You will need an ldap browser to browse your domain to find out the correct search filters for everything.
The only thing I can't figure out is how to check for group membership.
I posted to the mailing list, but no one has responded yet :-(
There is good documentation on the wiki.
Look for my previous post about not getting groups working to see my config files.
--
Chris Liles
System Analyst
Air2Web, Inc.
1230 Peachtree St. N.E.
12th Floor
Atlanta, GA 30309
Tel: (404) 942-5334
Fax: (404) 815-7708
-----Original Message-----
From: freeradius-users-bounces+chris.liles=air2web.com at lists.freeradius.org [mailto:freeradius-users-bounces+chris.liles=air2web.com at lists.freeradius.org] On Behalf Of Frank Smith
Sent: Monday, May 08, 2006 11:55 AM
To: freeradius-users at lists.freeradius.org
Subject: win2003 Active Directory authentication
I am running AD in native mode. By my ancient understanding of samba, I cannot join this domain. I can authenticate using ldap, no? Also, is this insecure due to clear text? Any other ideas for what I want here?
Thanks!