Il 22/06/2012 17:32, Julson, Jim ha scritto:
Now, the problem is this. Following Alan DeKok's guide at http://deployingradius.com/documents/configuration/active_directory.html, I was able to get FreeRADIUS 2.X running on CentOS 6.2 with pretty minimal effort. There were a few things I had to go elsewhere to figure out, but I managed. I have FreeRADIUS setup and authenticating using NTLM_AUTH. I was able to join my AD 2008 R2 Domain, I can list users, groups etc.. This RADIUS server will be for authenticating users on all of our Cisco devices, as well as remote access VPN users. So the problem is this. It's authenticating...a little too well. Why not add a "default group" var (to be overridden for specific clients) and pass it to ntlm_auth in "--require-membership-of=" parameter? That way you can filter who can authenticate from any NAS. And IIUC huntgroups, you can even define groups of clients...
Please correct me if I'm wrong. BYtE, Diego.