Authentication against Active Directory page
http://deployingradius.com/documents/configuration/active_directory.html It describes a minimal set of steps to take to get authentication working against Active Directory. It works in my limited tests, but if anyone runs into problems, please email me, and I'll update the page. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Alan, What domain were you testing against? 2000 or 2003? (I ask, because I was under the impression that KRB5 had to be setup as well) -----Original Message----- From: freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org [mailto:freeradius-users-bounces+mking=bridgew.edu@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Friday, September 22, 2006 3:26 PM To: FreeRadius users mailing list Subject: Authentication against Active Directory page http://deployingradius.com/documents/configuration/active_directory.html It describes a minimal set of steps to take to get authentication working against Active Directory. It works in my limited tests, but if anyone runs into problems, please email me, and I'll update the page. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"King, Michael" <MKing@bridgew.edu> wrote:
What domain were you testing against? 2000 or 2003? (I ask, because I was under the impression that KRB5 had to be setup as well)
Windows 2000. I'll have to check if I had previously set up Kerberos, and simply missed that in my writeup. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
On 22 Sep 2006, at 20:26, Alan DeKok wrote:
http://deployingradius.com/documents/configuration/ active_directory.html
It describes a minimal set of steps to take to get authentication working against Active Directory. It works in my limited tests, but if anyone runs into problems, please email me, and I'll update the page.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Does FreeRADIUS taint check (i.e. escape certain characters)? If not, does the plain text password auth bit of the page have security considerations? Regards, James
James J J Hooper <jjj.hooper@bristol.ac.uk> wrote:
Does FreeRADIUS taint check (i.e. escape certain characters)? If not, does the plain text password auth bit of the page have security considerations?
No. It doesn't need to. That's the responsibility of the program being executed. i.e. FreeRADIUS calls the "execve" function, not "system", so the shell is never used, and *no* input characters are special. i.e. Try passing the string "$$" as the User-Name in the examples on the web page. You will see "$$" being passed as an argument, and not the PID of the shell. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (3)
-
Alan DeKok -
James J J Hooper -
King, Michael