13 Oct
2010
13 Oct
'10
10:56 a.m.
On 13/10/10 15:17, Harry Hoffman wrote:
Hi Phil,
Thanks for the pointers. I was attempting to use ntlm_auth to ensure the account actually existed for the authorization section. And then again in the authentication section to ensure the user name and password match.
But that's not what you're doing. You're actually issuing a password check request. And why check twice? If they don't exist, auth will fail in the authenticate {} section.
Is there a better way to check for authorization against AD?
"It depends". What does "authorization" in this context mean? AD has an integrated LDAP server, which is moderately useful; if you configure FreeRadius you can