Freeradius + Active Directory
Rowley, Mathew
Mathew_Rowley at cable.comcast.com
Thu Oct 21 16:50:40 CEST 2010
Ah, that is true. I never though that deeply into it, and only did a POC.
Is the downfall of doing things this way that passwords must be sent in
the clear?
On 10/21/10 1:59 AM, "Phil Mayers" <p.mayers at imperial.ac.uk> wrote:
>On 10/20/2010 10:59 PM, Rowley, Mathew wrote:
>> I was able to configure FreeRadius/AD differently than most tutorials
>> just using Kerberos as an authentication mechanism (sorry for any
>> weird formatting, coming from a wiki):
>
>(For the archives)
>
>The reason it's different than most tutorials, to be clear, is that this
>config can only check PAP requests, so is not useful for the common case
>of PEAP/MS-CHAP for wireless/wired 802.1x.
>
>Obviously if you use EAP-TTLS/PAP for 802.1x, or just PAP for some other
>service (as CLI login to switches/routers usually is) it'll work fine.
>
>(People seem to get very confused about this topic, so it's worth noting
>;o)
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list