On Oct 2, 2019, at 5:39 PM, Orestes Leal RodrÃguez <olealrd1981@gmail.com> wrote:
I mentioned in the other email it was the boss' decision. I cannot do anything if he doesn't want to do it another way (I suggested go through ntlm_auth but it was not chosen.
So he's making decisions which break the corporate infrastructure? Nice.
The script just import the ldap module, binds to a GC server to fullfills the authentication requests and return falsoe y the password is incorrect or the account it's not found, or true if the auth was correct.
FreeRADIUS can do this with the native LDAP module. You don't need to do ntlm_auth.
We have two backends domains so that was the reason it was done this way (although I had an alternative doing the same using ntlm_auth).
FreeRADIUS can use two LDAP modules, one for each back-end domain. It's simpler, faster, more standard, and it *works*. I'd say tell your boss that he's wrong, but I'm sure he already knows that. Alan DeKok.