FreeRADIUS and Active Directory Integration

Scott Pickles scottpickles at yahoo.com
Fri Jul 24 20:24:34 CEST 2015


Alan - 

Thanks for the feedback.  I don't want to downplay at all the amount of effort you put into this.  It's clear that you put in tons and tons of effort and I truly appreciate it.  Even more so, I appreciate your willingness to respond to my inquiries on this list because quite frankly you don't have to.  I did read the docs, and I can understand how you're coming to the conclusion that I don't because of what I've been posting as of late.  The truth is I've been working really hard at this and can't get it to work so I apologize if some of how I'm coming across is out of frustration.  I'm not lazy.  I've put 40-60 hours into this so far, and have rebuilt several times.  I'm to the point where I make one change, start the server, check for errors.  If I'm good, I make the next change and so on.  So here is what this has all come down to for me:  I need to authenticate VPN users against AD.  I want to use LDAP to check group, and ntlm_auth to check password.  Trust me, I have read the docs but this is all new to me and I haven't been able to put it all together in context.  I've been looking on Google to find out how others have perhaps put it all together.  I learn some things from reading that stuff, and really what I'm after is an understanding of how it all works so I can configure it myself rather than just follow a preconfigured method that someone else used and UNDERSTAND what is happening.  FreeRADIUS is obviously very powerful and with all of its features I'm looking forward to learning and understanding it better so I can make more use of it as time progresses.  Going forward, I will be much more specific regarding what I have done so far, provide documentation of my configuration, provide clear and concise information regarding what I'm looking to accomplish, and with your expert assistance I think I'll eventually get to where I want to be.  Again, thanks for all of your help and hanging in there with me.  It is truly appreciated!!!!
 


     On Friday, July 24, 2015 7:09 AM, Alan DeKok <aland at deployingradius.com> wrote:
   

 On Jul 23, 2015, at 10:47 AM, Scott Pickles <scottpickles at yahoo.com> wrote:
> I'm sure it's not new, but yes I was looking at other websites and Google after I couldn't get things working reading the Wiki.

  Then ask a question.  It's not hard.

Q: Hi, I'm following a guide on the Wiki at URL.  I'm at step X and expected to see FOO.  Instead I see BAR.  What's up?

  A *HUGE* part of the reason why people run into issues is that they can't ask good questions.

>  I'll start over again with the Wiki, but the problem I had with the Wiki located at guide/FreeRADIUS Active Directory Integration HOWTO is that it's the bare minimum.  It does not cover huntgroups, unlang, memberOf, etc.

  That is a ridiculous request to make.  Each page on the Wiki has ONE subject.  If you want to read about 3 things, you've got to read 3 pages.  That's how documentation works.

> So if someone would like to update the Wiki for more advanced configurations, or point me to where those are already covered in the existing Wiki, I'd appreciate it.

  Go to http://freeradius.org/.  Look for the "documentation" link.  Click on it.  Look for "unlang".  Click on the link.

  On the same page, there's a clickable link for "configuration files".  Click on it.

  If you read the "huntgroups" file, it contains documentation on what the file does, and how it works.

  If you read the start of "radiusd.conf", it tells you to go read "man unlang".

  Or go to http://wiki.freeradius.org/.  Click on the "search" box.  Type "unlang" and hit <enter>.  Or type "huntgroups", and hit <enter>.

  How much easier does it have to be?

>  My guess is that they aren't covered or I'd likely have found them.

  Nonsense.  They're covered in excruciating detail.  They're point 

>  As a result, off to third parties, Google, etc. and my "new (not new) complaint".

  The only reason you didn't find the existing documentation is that you didn't go to http://freeradius.org, and click on 2-3 *labelled* links.  It's not that freaking hard.

  Quite frankly, this attitude is lazy and offensive.  I've spent hundreds of hours documenting the server, and dozens of hours updating the web site so that the links are easy to find.

  Can you explain where we'd have to put the links so that someone like you can find them?  Because:

1) putting the links in the config files doesn't work.  You don't read them.

2) putting the links in the wiki doesn't work.  You don't read them.

3) putting the links on freeradius.org doesn't work.  You don't read them.

  Apparently for you, google is king.  It MUST be on google, and it MUST NOT be on freeradius.org for you to consider it an "authoritative" source.

  Alan DeKok.

