Freeradius authentification against Kerberos

Stefan Paetow Stefan.Paetow at ja.net
Thu Jul 24 11:09:14 CEST 2014 

Yes, absolutely.

Set the TTLS default_eap_type to mschapv2 and you should be ok... you will need to use SAMBA on the FreeRADIUS box to talk to ActiveDirectory, but the instructions that Alan DeKok has at http://deployingradius.com/documents/configuration/active_directory.html are pretty concise and explanatory. Alternatively, read http://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO (which apparently was updated 2 days ago). :-)

One thing that you have to be aware of (which Alan does not mention but the How-To on the FreeRADIUS site does) is that you must grant read access for the freerad user (on Ubuntu, radiusd on RHEL systems) to the winbindd_privileged directory. One way is to add the user to the winbind group (I think it's wbpriv on RHEL, might be similar on Ubuntu), otherwise you will get an error from ntlm_auth when it attempts an authentication when running as user radiusd/freerad.

But if you follow the instructions, it is easy to integrate FreeRADIUS with AD.

Stefan


From: freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org [mailto:freeradius-users-bounces+stefan.paetow=ja.net at lists.freeradius.org] On Behalf Of Benjamin Stahl (TH-Wildau.de)
Sent: 24 July 2014 06:29
To: FreeRadius users mailing list
Subject: Re: Freeradius authentification against Kerberos
Importance: High


Hi everybody,

thank you very much for your help.
Is possible to configure both variants? EAP-TTLS and PEAP-MSCHAPv2.
I got EAP-TTLS work under Ubuntu-Client with TTLS.

Can you give me a info how i can connect Winbind to the NT-Domain?
Thanks.


Am 23.07.2014 um 18:25 schrieb Stefan Paetow <Stefan.Paetow at ja.net<mailto:Stefan.Paetow at ja.net>>:


Hi Benjamin,

Windows 7 does not support EAP-TTLS out of the box. You have to install a third-party supplicant (SecureW2 appears to be the favourite) to gain EAP-TTLS support.

Stefan



Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
not-for-profit company which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140724/1cff9ff3/attachment.html>

More information about the Freeradius-Users mailing list