Authenticating Against a Trusted Domain

Phil Mayers p.mayers at
Sat Jul 15 13:18:04 CEST 2006

Josh wrote:
> I haven't been successful with using Samba (which is
> connected to ourdomain)... I can get Samba to

You didn't specify what authentication type you're trying to get 
working. I suspect you're trying to use PEAP-MSCHAP for wireless, yes?

There have been posts in the last few days about this - it seems that a 
Samba server may be able to do cross-realm fileshare or plaintext auth, 
but not cross-realm MS-CHAP. This may depend on settings on one or both 
ends, or may be more fundamental - it's been long enough since I've been 
involved in windows domain protocols that I can't tell.

What errors are you getting, and what is your configuration?

> authenticate users on ourdomain but not the trusted
> anotherdomain. I figured I would give LDAP a try but
> can't find any documentation on the correct LDAP
> requests for freeradius.

LDAP to a "real" AD domain (which I assume "anotherdomain" is) is only 
useful if you want to answer PAP requests.

What part of the extensively commented ldap stanza in radiusd.conf or 
the doc/rlm_ldap file is unclear?

More information about the Freeradius-Users mailing list