On Aug 14, 2017, at 9:26 PM, Adam Cage <adamcage27@gmail.com> wrote:
Hi people, we wanna authenticate WiFi users against a Freeradius 3.x server, these users are defined in a Windows Active Directory remote server.
Follow the guide here: http://deployingradius.com/documents/configuration/active_directory.html
We have the base_dn search defined, and there they are all the valid users who can use the WiFi service.
We wanna use LDAP to initially authenticate and in the future authorize the accesses.
For PEAP, no, that doesn't work. AD isn't really an LDAP server.
Please can anybody point to me a detailed howto, because we are confused if we have to use LDAP with MSCHAP, PAP, EAP or whatever???
Follow the guide above. It will work.
Aand also we are confused about the AD object we have to use in the filter string: uid, samaccountname, mail...What does this selection depend on ???
It depends on what you want to do. Where are the user accounts in AD?
And the last question: I'm using a Debian server with the freeradius and freeradius-ldap distribution packages, is it a good idea or maybe it's better to use the tar.gz version???
Use 3.0.15. The debian versions are typically years out of date. Alan DeKok.