On Mar 13, 2016 8:04 AM, "Alan DeKok" <aland@deployingradius.com> wrote:
On Mar 12, 2016, at 12:14 PM, Eby Mani via Freeradius-Users <
freeradius-users@lists.freeradius.org> wrote:
Can Radius Server pass client ip details to Windows AD during ntlm
authentication ?.
No.
Here is the scenario, WirelessLanController is configured to provide access only after authenticating using Radius. Radius server is configured for WPA2 Enterprise with Active Directory integration using samba/winbind (ntlm_auth).
I can login to the wireless network using AD username and password. The trouble is, AD doesn't know my real ip. It shows my username, Radius server IP and system name when searching for details.
AD shows the IP that the login request came from. In this case, that's the RADIUS server.
There is no way I know to pass more information in the login request.
One thing you could always do is use the post-auth function of the ldap module to write the last ip address used into another ldap attribute. It's not exactly the same as passing it in the auth. But may achieve the same outcome. I however would use the linelog module and log the event that way rather than writing it into AD.
Alan DeKok.
- List info/subscribe/unsubscribe? See