win2003 Active Directory authentication

Chris Liles Chris.Liles at
Mon May 8 18:40:38 CEST 2006

Yes, you can use the ldap module of freeradius to hit your AD; I am doing this now.
Yes, you can do ssl/tls for encryption between the radius server and AD.
Windows server 2000 does not support tls, only ssl.
It is similar to setting up mm_mod_auth_ldap for apache.
You will need an ldap browser to browse your domain to find out the correct search filters for everything.
The only thing I can't figure out is how to check for group membership.
I posted to the mailing list, but no one has responded yet :-(
There is good documentation on the wiki.
Look for my previous post about not getting groups working to see my config files.
Chris Liles
System Analyst
Air2Web, Inc.
1230 Peachtree St. N.E.
12th Floor
Atlanta, GA 30309
Tel: (404) 942-5334
Fax: (404) 815-7708
-----Original Message-----
From: at [ at] On Behalf Of Frank Smith
Sent: Monday, May 08, 2006 11:55 AM
To: freeradius-users at
Subject: win2003 Active Directory authentication
I am running AD in native mode.  By my ancient understanding of samba, I cannot join this domain.  I can authenticate using ldap, no?  Also, is this insecure due to clear text?   Any other ideas for what I want here?
