Implementation with AD integration on RHEL7

Matthew Newton mcn at freeradius.org
Thu Dec 6 23:13:39 CET 2018


On Thu, 2018-12-06 at 12:06 -0800, M S wrote:
> My goal is to provide centralized authentication for our network
> switches.

You need to find out how they send the auth to FreeRADIUS. Likely PAP,
but might not be. PAP or MSCHAPv2 should be workable. Anything else,
unlikely.

> The RHEL7 host system that will be hosting FreeRADIUS is set up to
> directly authenticate users logging into it against our AD server
> using sssd. I was thinking that rather than setting up a separate AD
> relationship between FreeRADIUS and AD, would it be possible to have
> FreeRADIUS utilize the OS-level relationship that is set up with AD
> via sssd? I am not finding much online describing this setup.

I guess sssd gets its information via LDAP? You may as well just
configure FreeRADIUS to use LDAP directly, rather than to try and get
it to talk to the OS and do it that way.

But if the switches don't do PAP, then you're probably stuck anyway. AD
won't give you any sort of password to check.

-- 
Matthew


