How do I set up simple AD integration?
Josh Howlett
josh.howlett at bristol.ac.uk
Wed Apr 12 12:48:04 CEST 2006
Burton, Steven wrote:
>
>> -----Original Message-----
>> From:
>> freeradius-users-bounces+sburton=shepherd-construction.co.uk at l
>> ists.freer
>> adius.org
>> [mailto:freeradius-users-bounces+sburton=shepherd-construction
>> .co.uk at lis
>> ts.freeradius.org]On Behalf Of Alan DeKok
>> Sent: 11 April 2006 16:28
>> To: FreeRadius users mailing list
>> Subject: Re: How do I set up simple AD integration?
>>
>>
>> "Burton, Steven" <sburton at shepherd-construction.co.uk> wrote:
>>> This stanza is a enclosed with the mschap section, still
>> nothing ventured....
>>> I changed the line and unfolded it and ran radiusd -X. The first
>>> request didn't match anything usefull and was rejected by System. I
>>> tried again but ticked the box 'CHAP' on NTRadPing and got the
>>> output:
>> You can't do CHAP to MS AD. It's impossible.
>>
>> Alan DeKok.
>
> My bad! I'd been staring at mschap all day and I saw chap and thought mschap.
> I still hope to get 802.1x working with FR before I'm told to stop wasting time and buy something :-) but after two and a half days (on and off) I'm no closer.
Steve,
I strongly suggest you start off doing PEAP against the 'users' file,
and once that's working get the domain stuff working.
It sounds to me like you're trying to do too much at once, and too many
things are broken for you to know where to start!
Once you've got PEAP working against the 'users' file, create a machine
account in the AD for the RADIUS server (using the Samba tools) and then
use the ntlm_auth program (that comes with Samba) to test standard
authentication.
Once you've got that far, it's just a matter of configuring FreeRADIUS
to use ntlm_auth. But you can worry about that later :-)
This isn't difficult, it's largely a matter of making sure you do the
right steps in the right order...
best regards, josh.
More information about the Freeradius-Users
mailing list