win2003 Active Directory authentication

Frank Smith fds0000 at gmail.com
Mon May 8 19:44:09 CEST 2006


Thanks for all your replies.  This is simply to do 802.1x authentication.
Nothing to do with wireless.  This is my first whack at radius
altogether.  Based on what you guys are saying, it sounds like Radius -> Pam
-> Pam-LDAP -> Active Directory sounds like the way to go.  Any objections?

On 5/8/06, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>
> Frank Smith wrote:
> > I am running AD in native mode.  By my ancient understanding of samba, I
> > cannot join this domain.
>
> That is not correct, and is indeed ancient. Samba 3 can join an AD
> native-mode domain. See the massive quantity of docs included with samba.
> Once in the domain, the winbind daemon can be started and the ntlm_auth
> helper used to answer MS-CHAP requests.
>
> >  I can authenticate using ldap, no?  Also, is
>
> LDAP can only service PAP requests. If you want PAP, LDAP works fine.
>
> If you want to do e.g. wireless authentication with PEAP/MS-CHAP or
> dialup using MS-CHAP, you must join the domain.
>
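
Added example, not part of the original thread or the FreeRADIUS project's shipped configuration: a sketch of the `mschap` module hook for the `ntlm_auth` helper that Phil describes, set against the PAP-only LDAP/PAM path. The binary path is an assumption, and the `%{...}` expansion syntax differs between FreeRADIUS versions, so check it against the installed module documentation.

```conf
# Sketch of the FreeRADIUS mschap module using Samba's ntlm_auth helper.
# Assumptions: ntlm_auth is installed at /usr/bin/ntlm_auth, the host has
# already joined the AD domain with Samba 3, and winbindd is running.
mschap {
    # The MS-CHAP challenge and NT-Response are handed to winbind, which asks
    # a domain controller to verify them. The RADIUS server never holds the
    # cleartext password or the NT hash.
    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}

# Contrast: Radius -> PAM -> pam_ldap -> AD performs an LDAP bind, which needs
# the cleartext password. Only PAP delivers that to the server, so this path
# cannot answer PEAP/MS-CHAP or plain MS-CHAP requests.
```

The account that runs radiusd also needs read access to Samba's `winbindd_privileged` directory, otherwise `ntlm_auth` cannot reach winbind.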