FreeRADIUS and Active Directory Integration

Alan DeKok aland at deployingradius.com
Fri Jul 24 21:44:21 CEST 2015 

On Jul 24, 2015, at 2:24 PM, Scott Pickles via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> Thanks for the feedback.  I don't want to down play at all the amount of effort you put into this.  It's clear that you put in tons and tons of effort and I truly appreciate it.  Even more so, I appreciate your willingness to respond to my inquiries on this list because quite frankly you don't have to.  I did read the docs, and I can understand how you're coming to the conclusion that I don't because of what I've been posting as of late.  The truth is I've been working really hard at this and can't get it to work so I apologize if some of how I'm coming across is out of frustration.

  Ask questions.  Simple questions.  *Good* questions.

>  I'm not lazy.  I've put 40-60 hours into this so far, and have rebuilt several times.  I'm to the point where I make one change, start the server, check for errors.  If I'm good, I make the next change and so on.  So here is what this has all come down to for me:  I need to authenticate VPN users against AD.  I want to use LDAP to check group, and ntlm_auth to check password.  Trust me, I have read the docs but this is all new to me and I haven't been able to put it all together in context.

  What context are you looking for?  The main freeradius "doc" page also points to this:

http://networkradius.com/doc/

  The "Technical Guide" has a basic introduction to RADIUS, and how FreeRADIUS works.

>  I've been looking on Google to find out how others have perhaps put it all together.

  I would suggest avoiding google, and third party sites.  They are almost always old, broken, or wrong.

>  I learn some things from reading that stuff, and really what I'm after is an understanding of how it all works so I can configure it myself rather than just follow a preconfigured method that someone else used and UNDERSTAND what is happening.

  That's why we recommend reading the debug output.  It tells you what's happening.  A packet comes in, and is processed through a series of rules.  It is all described in excruciating detail in the debug output.  In fact, there's so much detail that people sometimes ignore it...

>  FreeRADIUS is obviously very powerful and with all of its features I'm looking forward to learning and understanding it better so I can make more use of it as time progresses.  Going forward, I will be much more specific regarding what I have done so far, provide documentation of my configuration, provide clear and concise information regarding what I'm looking to accomplish, and with your expert assistance I think I'll eventually get to where I want to be.  Again, thanks for all of your help and hanging in there with me.  It is truly appreciated!!!!

  Please suggest *where* else we can post the links so that you will find the "unlang" and "huntgroups" documentation.  Really.  It was one of your complaints, and I can't for the life of me figure out where else it should go.  It is rather obsessively documented in the configs, "man" pages, web pages, etc.

  Alan DeKok.

More information about the Freeradius-Users mailing list