Migrating FR 3.0.19 from using WINBIND to LDAP for AD auth

Matthew Newton mcn at freeradius.org
Mon Aug 19 10:44:58 CEST 2019


On Mon, 2019-08-19 at 08:02 +0000, WAGHORN, Jason (NHS BORDERS) via
Freeradius-Users wrote:
> > Yes, for authorization it is "use LDAP". You are tied to
> > ntlm_auth/libwbinfo in terms of authentication due to the clear-
> > text passwords being unavailable through Active Directory.[1]
> 
> Ah ha - so... when you/they say "Use LDAP" - it doesn't mean "Use
> LDAP exclusively"...

No. Use LDAP for group checking. Do auth with winbind (libwbclient or
ntlm_auth).

> In which case I build on the existing (working) configuration and add
> the extra (authorisation) check step using LDAP.

Yes.

-- 
Matthew




More information about the Freeradius-Users mailing list