Yes, "anotherdomain" is an AD domain, however, my freeradius server can only talk to "ourdomain". ourdomain has a trust with anotherdomain and can pass windows authentication (file shares, etc.) over the trust for authentication. Is it possible to authenticate "anotherdomain" users via LDAP from the freeradius server by piping the auth requests through "mydomain" (which should then, as windows does, recognize the domain from "anotherdomain\username" and send the auth request up the trust)? I'm obviously formulating the wrong LDAP queries. But if this isn't even possible I won't bother spinning in circles. Josh --- Phil Mayers <p.mayers@imperial.ac.uk> wrote:
Josh wrote:
I haven't been successful with using Samba (which
is
connected to ourdomain)... I can get Samba to
You didn't specify what authentication type you're trying to get working. I suspect you're trying to use PEAP-MSCHAP for wireless, yes?
There have been posts in the last few days about this - it seems that a Samba server may be able to do cross-realm fileshare or plaintext auth, but not cross-realm MS-CHAP. This may depend on settings on one or both ends, or may be more fundamental - it's been long enough since I've been involved in windows domain protocols that I can't tell.
What errors are you getting, and what is your configuration?
authenticate users on ourdomain but not the trusted anotherdomain. I figured I would give LDAP a try but can't find any documentation on the correct LDAP requests for freeradius.
LDAP to a "real" AD domain (which I assume "anotherdomain" is) is only useful if you want to answer PAP requests.
What part of the extensively commented ldap stanza in radiusd.conf or the doc/rlm_ldap file is unclear? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com