Support for SSO Active Directory & PEAP-MS-CHAP-v2

Rakesh Jha rakesh at burgan.com
Mon Sep 24 08:55:17 CEST 2007


Can you please send steps, I am also trying to so the same.

 

Rakesh

 

________________________________

From: freeradius-users-bounces at lists.freeradius.org
[mailto:freeradius-users-bounces at lists.freeradius.org] On Behalf Of rick
wiltshire
Sent: Sunday, September 23, 2007 4:48 PM
To: freeradius-users at lists.freeradius.org
Subject: Support for SSO Active Directory & PEAP-MS-CHAP-v2

 


Dear All,

I need help with dot1x implementation in an Enterprise LAN. Our target
is to authenticate and authorize users based on their identities (domain
user names) as well as applying GPOs on users.

Our authentication Backend is: Active Directory 
Our Authorization & Accounting is done by: freeRADIUS
Authorization Attributes control VLAN assignment (hence, IP address
pool)
Required Authentication EAP-Type : PEAP & MS-CHAP

All Clients are using WinXP supplicant. I managed to implement
PEAP&MS-CHAP with this setup however with users who have cached
credentials on their PCs. If the user logs on the PC for the first time,
he fails to reach the active directory to authenticate since the
connection is not yet authorized. So what I need is get the computer
authenticated and assigned an IP address and then authenticate the user
in a following phase while the connection is up. 

Any clues with authenticating domain machines using freeradius and
active directory implementation? 


Attention: 
Any non-official business related views, opinions and other information presented in this electronic mail
are solely those of the sender/author.
Burgan Bank does not endorse or accept responsibility for their opinions. If you are not the addressed 
indicated in this mail or responsible for delivering this message to the intended,
you should delete this message and notify the sender immediately.
-------------------------------------------------------
Burgan Bank S.A.K
www.burgan.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070924/fb5c6c36/attachment.html>


More information about the Freeradius-Users mailing list