3 Sep
2014
3 Sep
'14
2:01 p.m.
Dennis Xu wrote:
Thanks for the information. So FreeRadius uses LDAP to authenticate against AD and LDAP cannot read the passwords in those formats. Apparently ACS has a different implementation on authenticating against AD that they don't care about the password format stored in AD:
ACS has either (a) used the NT domain API, like Samba 3 does. Or (b) used the new AD replication protocol like Samba 4 does. So there's nothing special about ACS. Other than they're Cisco, and can afford ten million dollars to inter-operate with AD. We will NOT be re-writing Samba. The way to interact with AD is Samba. Full stop. No other alternative is possible. Alan DeKok.