Dear List, I have a wired 802.1X working setup using the following: - PEAPoMSCHAPv2 + Mac verification in MySQL DB for all 802.1X capable endpoints. - MAB only for all non 802.1X capable endpoints. but still, I am confused about the difference a simple ntlm_auth as an authentication method used by winbind, and a 'direct' winbind authentication (from a freeradius point of view)! My main concern is here: http://wiki.freeradius.org/guide/Active-Directory-direct-via-winbind and my setup used http://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOW... .. Any explanation would really be appreciated :) thank you,
Hi,
but still, I am confused about the difference a simple ntlm_auth as an authentication method used by winbind, and a 'direct' winbind authentication (from a freeradius point of view)!
the old legacy method uses ntlm_auth as an extrenal program to do authentication the native/direct winbind method uses the winbind libraries so that authentication is done directly by FreeRADIUS, using a winbind connection pool (just like SQL,LDAP etc) and not calling/spawning an external program. result is much much faster authentications and better scaling. your FR will need to be latest version compiled against recent SAMBA correctly. unlikely that such a packge will come from your distro providers right now alan
participants (2)
-
3@D4rkn3ss DuMb -
A.L.M.Buxey@lboro.ac.uk