On May 10, 2022, at 8:56 AM, White, Daniel E. (GSFC-770.0)[AEGIS] via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
I am trying to replace a Cistron RADIUS service running on a dinosaur of a Sparc Solaris 9 server before it explodes.
Wow. CIstron was effectively dead 20 years ago.
This RADIUS service is only used to access network devices (switches, routers, etc.)
Likely only PAP then. But you'll have to double-check the packets. Every piece of vendor equipment does something magical and special.
We are moving to a centralized credentials setup with usernames/passwords in Active Directory.
We followed this document to connect RHEL servers. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/htm...
Now we need a new RADIUS service that uses the AD credentials.
Odds are that you can just use PAP, and connect to AD via LDAP. And also check admin group privileges! if (LDAP-Group != "admin") { reject } ... else check passwords, etc. Alan DeKok.