Conditional attributes with AD

Scott McLane Gardner sgardne at uark.edu
Tue Mar 6 23:01:30 CET 2012



On 3/6/12 3:59 PM, "Fajar A. Nugraha" <list at fajar.net> wrote:

>On Wed, Mar 7, 2012 at 4:57 AM, Scott McLane Gardner <sgardne at uark.edu>
>wrote:
>>
>>
>> On 3/6/12 3:55 PM, "Fajar A. Nugraha" <list at fajar.net> wrote:
>>
>>>On Wed, Mar 7, 2012 at 4:28 AM, Scott McLane Gardner <sgardne at uark.edu>
>>>wrote:
>>>> If anyone cares, I got this working by calling a script that contained the
>>>> following:
>>>
>>>That's odd. Did you properly set up the AD as LDAP server in
>>>raddb/modules/ldap (or whatever file name you use)?
>>
>> No, I didn't set it up as an LDAP server since you apparently can't use
>> LDAP and EAP at the same time. (Unless I'm reading the documentation
>> wrong.)
>
>Yes, you can :)
>
>You CAN'T use some EAP types (e.g. EAP-PEAP-MSCHAPv2) when
>authenticating using LDAP bind (i.e. set Auth-Type to LDAP).
>
>You CAN use LDAP as a plain database no matter what authentication
>method you use (in this case you're simply using it for group check,
>not for authentication).
>
>-- 
>Fajar

Can you expand on how this is done? I am a FreeRADIUS newbie and don't
really understand how all the pieces fit together.
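
Added example, not part of the original thread and not the posters' configuration: a FreeRADIUS 2.x configuration fragment for the arrangement described in the quoted reply, where AD is queried over LDAP only for a group check and Auth-Type is never set to LDAP, so EAP authentication is unaffected. The server name, bind account, base DN, group DN and the reply attribute are constructed placeholders.

```conf
# raddb/modules/ldap
# AD is used as a lookup database only. All values below are placeholders.
ldap {
    server   = "dc1.example.edu"
    # Use a low-privilege, read-only account for lookups.
    identity = "cn=radius-lookup,ou=Service Accounts,dc=example,dc=edu"
    password = "CHANGE_ME"
    basedn   = "dc=example,dc=edu"
    filter   = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"

    # AD records group membership on the user object (memberOf)
    # and on the group object (member).
    groupmembership_attribute = "memberOf"
    groupmembership_filter = "(&(objectClass=group)(member=%{control:Ldap-UserDn}))"

    # AD may answer searches with referrals.
    chase_referrals = yes
    rebind = yes
}

# raddb/sites-available/inner-tunnel (or default, depending on where
# the EAP inner authentication is processed)
post-auth {
    # Ldap-Group triggers a group lookup through the ldap module.
    # Nothing here sets Auth-Type := LDAP, so the EAP method in use
    # (e.g. PEAP-MSCHAPv2) still performs the authentication.
    if (Ldap-Group == "cn=Staff,ou=Groups,dc=example,dc=edu") {
        update reply {
            Filter-Id := "staff"
        }
    }
}
```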


