FreeRADIUS + Cygwin + Active Directory authentication?

Paul Bartell paul.bartell at gmail.com
Thu Feb 10 07:12:35 CET 2011


Frankly, running Free Radius on windows sounds like a bad idea,
especially should you ever need to update it or have another person
(maybe 5 years down the road) change it a bit. Generally, running
server process under cygwin is a lot of extra work for not much
convenience. I would suggest either running it on a linux server (and
documenting everything you do) or running a different RADIUS server
that natively runs on windows.

On Wed, Feb 9, 2011 at 9:36 PM, Moe, John <jmoe at hatch.com.au> wrote:
> I'm trying to set up a FreeRADIUS server in our organization, and the
> corporate preference is to run on Windows.  I've got FreeRADIUS to compile
> and have successfully completed the PAP test (from
> http://deployingradius.com/documents/configuration/pap.html) to make sure it
> works.  Now I'm looking to set up Active Directory authentication.  To do
> that, all the documentation I've read is geared towards Linux servers
> running Samba.  From what I gather, it uses the ntlm_auth program to
> authenticate to the Windows Active Directory, which returns "NT_KEY output,
> which is needed in order for FreeRADIUS to perform MS-CHAP authentication."
>
> Is there a way I can do this on a Windows/Cygwin server?  I tried to get
> Samba to compile and install to test if it'd work on a Windows server, but
> it needed Kerberos to talk to AD, and Kerberos didn't seem to want to
> compile without shared libraries, which apparently Cygwin doesn't support.
> Does anyone know any other programs that can be used to provide this
> authentication mechanism, that also run on Windows?  Or do I need to do this
> on a Linux server?
>
> I've tried to Google for the answers to this without luck.  Any help or
> pointers would be appreciated.  Thanks.
>
> John H. Moe
> Network Support - Hatch IT
> HATCH
> Tel: +61 (7) 3166 7777
> Direct: +61 (7) 3166 7684
> Fax: +61 (7) 3368 3754
> Mobile: +61 438 772 425
> 61 Petrie Terrace, Brisbane, Queensland Australia 4011
>
> *****************************
> NOTICE - This message from Hatch is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential or proprietary.
> Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, arrive late or contain viruses. By communicating with us via e-mail, you accept such risks.  When addressed to our clients, any information, drawings, opinions or advice (collectively, "information") contained in this e-mail is subject to the terms and conditions expressed in the governing agreements.  Where no such agreement exists, the recipient shall neither rely upon nor disclose to others, such information without our written consent.  Unless otherwise agreed, we do not assume any liability with respect to the accuracy or completeness of the information set out in this e-mail.  If you have received this message in error, please notify us immediately by return e-mail and destroy and delete the message from your computer.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>



-- 
Random quote of the week/month/whenever i get to updating it: "Quis custodiet
ipsos custodes?": "who shall watch the watchers themselves?" - Juvenal




More information about the Freeradius-Users mailing list