Yes you can do use the ldap
module of freeradius to hit your AD, I am doing this
now.
Yes you can do ssl/tls
for encryption between the radius server and AD.
Windows server 2000 does not support tls, only ssl.
It is similar to setting up mm_mod_auth_ldap for apache.
You will need an ldap
browser to browse your domain to find out the correct search filters for
everything.
The only thing I can’t figure out is
how to check for group membership.
I posted to the mailing list, but no one
has responded yet L
There is good documentation on the wiki.
Look for my previous post about not
getting groups working to see my config files.
--
System
Analyst
Air2Web, Inc.
Fax: (404) 815-7708
-----Original Message-----
From: freeradius-users-bounces+chris.liles=air2web.com@lists.freeradius.org
[mailto:freeradius-users-bounces+chris.liles=air2web.com@lists.freeradius.org] On Behalf Of Frank Smith
Sent: Monday, May 08, 2006 11:55
AM
To:
freeradius-users@lists.freeradius.org
Subject: win2003 Active Directory
authentication
I am running AD in native mode. By my ancient
understanding of samba, I cannot join this domain. I can authenticate
using ldap, no? Also, is this insecure due to clear text? Any
other ideas for what I want here?
Thanks!