Authenticating Against a Trusted Domain
Phil Mayers
p.mayers at imperial.ac.uk
Sat Jul 15 13:18:04 CEST 2006
Josh wrote:
>
> I haven't been successful with using Samba (which is
> connected to ourdomain)... I can get Samba to
You didn't specify what authentication type you're trying to get
working. I suspect you're trying to use PEAP-MSCHAP for wireless, yes?
There have been posts in the last few days about this - it seems that a
Samba server may be able to do cross-realm fileshare or plaintext auth,
but not cross-realm MS-CHAP. This may depend on settings on one or both
ends, or may be more fundamental - it's been long enough since I've been
involved in windows domain protocols that I can't tell.
What errors are you getting, and what is your configuration?
> authenticate users on ourdomain but not the trusted
> anotherdomain. I figured I would give LDAP a try but
> can't find any documentation on the correct LDAP
> requests for freeradius.
>
LDAP to a "real" AD domain (which I assume "anotherdomain" is) is only
useful if you want to answer PAP requests.
What part of the extensively commented ldap stanza in radiusd.conf or
the doc/rlm_ldap file is unclear?
More information about the Freeradius-Users
mailing list