<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;">Hello Ivan,<br><br>Yes, it is an upcoming project. I would appreciate
whatever help I get from you or any reference to where I can get more
information from.<br>We have our users on the aaaa.example.com domain
and are in an eDirectory environment. But our users are going to share a
big part of the building with another company who are on a totally
different domain controlled by Active Directory. Our management wants
us to create a RADIUS infrastructure so that a user, irrespective of
their company, can plug their laptop into an available socket and get put
into the right domain and all the other network services based on their
login credentials.<br><br>Many Thanks,<br>Jas<br><br><br>Message: 4<br>Date: Thu, 23 Jul 2009 10:14:59 +0100 (BST)<br>From: "Ivan Kalik" &lt;tnt@kalik.net&gt;<br>Subject: Re: Freeradius With edirectory and Active directory<br>To: "FreeRadius users mailing list" &lt;freeradius-users@lists.freeradius.org&gt;<br>Message-ID: &lt;<a href="https://lists.freeradius.org/pipermail/freeradius-users/2009-July/msg00574.html">53179.194.176.105.44.1248340499.squirrel@webmail.kalik.net</a>&gt;<br>Content-Type: text/plain;charset=utf-8<br><br>> Is it possible to have freeradius integrated in an environment with two<br>> totally different domains, one controlled by edirectory and the other by<br>> active directory?<br><br>Yes. You will need to
create two mschap instances (one with ntlm_auth and<br>one without) and failover in Auth-Type MS-CHAP.<br><br>Auth-Type MS-CHAP {<br> mschap_default {<br> reject = 2<br> }<br> if(reject) {<br> mschap_ad<br> }<br>}<br><br>Where mschap_default is a copy of the default mschap module while mschap_ad<br>has the ntlm_auth line enabled. This applies to AD + anything else (ldap, sql,<br>users file stored passwords). If you are going to have pap requests as<br>well you should add failover to ntlm_auth after pap:<br><br># Auth-Type is a control-list attribute; update needs an attribute assignment<br>if(!control:Auth-Type) {<br> update control {<br> Auth-Type := ntlm_auth<br> }<br>}<br><br>Is there interest for this? I can write a guide on how to combine<br>authentication of AD stored accounts with those stored elsewhere
(ldap,<br>sql, users file).<br><br>Ivan Kalik<br>Kalik Informatika ISP<br></td></tr></table><br>
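The two mschap instances and the MS-CHAP failover described in the reply above, written out as an added configuration sketch; it is not part of the original messages or of the FreeRADIUS distribution. It assumes a FreeRADIUS 2.x file layout, an ldap module instance that supplies the eDirectory password, and uses /path/to/ntlm_auth as a placeholder for the Samba helper.

```text
# modules/mschap  (file location assumed, FreeRADIUS 2.x layout)

# Copy of the stock mschap module. It verifies the MS-CHAP response against
# a password that an earlier authorize module (ldap, sql, users file) has
# placed in the control list. No ntlm_auth line, so no call to AD.
mschap mschap_default {
	use_mppe = yes
	require_encryption = yes
	require_strong = yes
}

# Second instance with the ntlm_auth line enabled. It passes the challenge
# and response to winbind, so Active Directory does the verification.
mschap mschap_ad {
	use_mppe = yes
	require_encryption = yes
	require_strong = yes
	# /path/to/ntlm_auth is a placeholder, not a real install path.
	ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}

# sites-enabled/default  (only the parts that matter here)
authorize {
	preprocess
	mschap_default   # sets Auth-Type MS-CHAP when MS-CHAP attributes are present
	ldap             # assumed instance name for the eDirectory lookup
	pap
}

authenticate {
	Auth-Type PAP {
		pap
	}
	Auth-Type MS-CHAP {
		# Try the locally known password first. "reject = 2" lowers the
		# priority of a reject so processing continues to the next statement.
		mschap_default {
			reject = 2
		}
		# Only accounts the first instance rejected are sent to AD.
		if (reject) {
			mschap_ad
		}
	}
}
```

Running radiusd -X while testing one account from each directory shows which instance answered and confirms that an account rejected by both instances ends in Access-Reject.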