win2003 Active Directory authentication
Konne
bridge_stone at gmx.net
Mon May 8 21:07:35 CEST 2006
hi,
i suggest EAP/PEAP MS-CHAPv2 with ntlm authentication.
bye
Frank Smith wrote:
> Thanks for all your replies. This is simply to do 802.1x
> authentication. Nothing to do with wireless. This is my first whack
> at radius all together. Based on what you guys are saying, it sounds
> like Radius -> Pam -> Pam-LDAP -> Active Directory sounds like the way
> to go. Any objections?
>
> On 5/8/06, *Phil Mayers* <p.mayers at imperial.ac.uk
> <mailto:p.mayers at imperial.ac.uk>> wrote:
>
> Frank Smith wrote:
> > I am running AD in native mode. By my ancient understanding of
> samba, I
> > cannot join this domain.
>
> That is not correct, and is indeed ancient. Samba 3 can join an AD
> native-mode domain. See the massive quantity of docs include with
> samba.
> Once in the domain, the winbind daemon can be started and the
> ntlm_auth
> helper used to answer MS-CHAP requests.
>
> > I can authenticate using ldap, no? Also, is
>
> LDAP can only service PAP requests. If you want PAP, LDAP works fine.
>
> If you want to do e.g. wireless authentication with PEAP/MS-CHAP or
> dialup using MS-CHAP, you must join the domain.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>------------------------------------------------------------------------
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list