Thanks. Does the AD-LDAP connection provide AD groups to allow user "filtering" ? On 5/10/22, 09:10, "Alan DeKok" <aland@deployingradius.com> wrote: On May 10, 2022, at 8:56 AM, White, Daniel E. (GSFC-770.0)[AEGIS] via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote: > > I am trying to replace a Cistron RADIUS service running on a dinosaur of a Sparc Solaris 9 server before it explodes. Wow. CIstron was effectively dead 20 years ago. > This RADIUS service is only used to access network devices (switches, routers, etc.) Likely only PAP then. But you'll have to double-check the packets. Every piece of vendor equipment does something magical and special. > We are moving to a centralized credentials setup with usernames/passwords in Active Directory. > > We followed this document to connect RHEL servers. > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/htm... > > Now we need a new RADIUS service that uses the AD credentials. Odds are that you can just use PAP, and connect to AD via LDAP. And also check admin group privileges! if (LDAP-Group != "admin") { reject } ... else check passwords, etc. Alan DeKok.