Active Directory with NTLM_AUTH
- To: freeradius-users@lists.freeradius.org
- Subject: Active Directory with NTLM_AUTH
- From: duckeo <duckeo@gmail.com>
- Date: Fri, 13 Oct 2006 14:56:47 +1000
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=R+jzE6ISAmHAKXK03WV4hegpyUfhdmplvRM5bVwath/aLorfl9EvcmUaBoGWmOH2fP6zehGmvOvpEGFsyEPG8Cg0VIS53ZMDc1udQ9Ab89mUpT5AAK1lxWq2Hzhsg7Zg3nW7eDk0rBJdbdGS6OZoTp4BG59B9UPESCG3gzbGtsk=
- Reply-to: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Okay I've been following the Wiki for Active Directory Integration but
now I'm stuck.
I'm successful at getting the machine to join the AD with Samba3, I
have NTLM_AUTH working from the command line to challenge for the user
and return successful.
Next part is getting FreeRadius to use this information.
The end result is that I am using a Dial Up adapter within Windows to
talk to radius, so I want the default Windows settings of MSCHAP to
work first (means I have to customise the client end less).
What (if anything) do I need to do to the users file?
I also need to check that the user is a member of a particular group
in Active Directory before Access-Accept is sent - do I fall back to
LDAP for this?
I have had LDAP only working with PAP, but am stuck with getting it to
work with MS-CHAP.
This archive was generated by a fusion of
Pipermail (Mailman edition) and
MHonArc.