Active Directory and FreeRadius
Zawacki Jason D Ctr AFRL/IFOS
Jason.Zawacki.ctr at rl.af.mil
Thu Jul 14 17:59:19 CEST 2005
I'd recommend skipping PAM and using MIT's kerberized telnet. I don't
believe PAM supports single signon, whereas you can have single sign-on with
kerberized telnet.
> -----Original Message-----
> From: freeradius-users-bounces at lists.freeradius.org
> [mailto:freeradius-users-bounces at lists.freeradius.org] On
> Behalf Of Alan DeKok
> Sent: Thursday, July 14, 2005 11:39 AM
> To: FreeRadius users mailing list
> Subject: Re: Active Directory and FreeRadius
>
> "Talwar, Puneet (NIH/NIAID)" <PTALWAR at niaid.nih.gov> wrote:
> > Well I can use pam_krb5, but what I am trying to accomplish
> here is that I
> > have quite a few Linux workstation on my network and I
> thought if I can
> > setup those Linux workstation to point to the radius server
> where they login
> > using there Active Directory credentials.
>
> You said that already.
>
> What you may not know is that AD implements Kerberos. You can use
> pam_krb5 on the Linux boxes to do *exactly* the same thing, but
> without using RADIUS at all.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list