On Thu, Jun 16, 2016 at 04:05:49PM +0100, lejeczek via Freeradius-Users wrote:
what I don't get is - this is radtest but how does it matter to a radius clients, say a net switch? Do all the clients have to specify auth method?
Clients send different types of authentication to the RADIUS server. You need to know what your clients are doing. Yes, the client drives which auth method is used.
I thought we configure this different "backends" so radius server will traverse them all in search of a user account of which client has to know none.
Of course - you have to configure the server to handle whatever all your clients send. If the clients will send PAP requests which you want to authenticate against AD, then you'll need to configure FreeRADIUS to do that. The standard "pap" module will handle PAP requests when the password has been pulled out of a backend database (local file, sql, ldap etc) but not AD because it won't give you access to the password hash.
One more thing - having mschap/ntlm I do not need to configure radius server to lookup AD's ldap at the same time, do I? Would there be a case when one would have both ntlm & ldap go to the same on AD?
You configure ldap lookup against AD if you want to pull back LDAP attributes to enforce some policy. If you're just doing auth then you likely don't need it. Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>