win2003 Active Directory authentication

Konne bridge_stone at gmx.net
Mon May 8 21:07:35 CEST 2006


Hi,

I suggest EAP/PEAP MS-CHAPv2 with ntlm authentication.

bye

Frank Smith wrote:

> Thanks for all your replies.  This is simply to do 802.1x
> authentication.  Nothing to do with wireless.  This is my first whack
> at radius altogether.  Based on what you guys are saying, it sounds
> like Radius -> Pam -> Pam-LDAP -> Active Directory is the way
> to go.  Any objections?
>
> On 5/8/06, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>
>     Frank Smith wrote:
>     > I am running AD in native mode.  By my ancient understanding of
>     > samba, I cannot join this domain.
>
>     That is not correct, and is indeed ancient. Samba 3 can join an AD
>     native-mode domain. See the massive quantity of docs included with
>     samba.
>     Once in the domain, the winbind daemon can be started and the
>     ntlm_auth helper used to answer MS-CHAP requests.
>
>     >  I can authenticate using ldap, no?  Also, is
>
>     LDAP can only service PAP requests. If you want PAP, LDAP works fine.
>
>     If you want to do e.g. wireless authentication with PEAP/MS-CHAP or
>     dialup using MS-CHAP, you must join the domain.
>     -
>     List info/subscribe/unsubscribe? See
>     http://www.freeradius.org/list/users.html
>
>
>
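Why LDAP can only service PAP, as an added example that is not part of the posts above: under PAP the RADIUS server can recover the cleartext password from User-Password (the RFC 2865 hiding scheme), which is what an LDAP simple bind needs, while an MS-CHAP request carries only a challenge and a response. The request dictionaries, secret, user name and the `password_for_ldap_bind` helper are constructed for illustration.

```python
import hashlib
import os

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client/NAS side: build the PAP User-Password value (RFC 2865, 5.2)."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1-128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        # Each 16-byte block is XORed with MD5(secret + previous ciphertext).
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += prev
    return hidden

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding and get the cleartext back."""
    if not hidden or len(hidden) % 16 or len(hidden) > 128 or len(authenticator) != 16:
        raise ValueError("malformed User-Password or authenticator")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")

def password_for_ldap_bind(request: dict, secret: bytes):
    """Return the cleartext an LDAP simple bind needs, or None when the
    request carries only an MS-CHAP challenge and response."""
    if "User-Password" in request:
        return recover_password(request["User-Password"], secret,
                                request["Authenticator"])
    return None  # no cleartext to bind with; verifying needs the NT hash

# Constructed sample data, not taken from any real deployment.
SECRET = b"testing123-constructed"
RA = os.urandom(16)
PAP_REQUEST = {"User-Name": "alice", "Authenticator": RA,
               "User-Password": hide_password(b"correct horse battery", SECRET, RA)}
MSCHAP_REQUEST = {"User-Name": "alice", "Authenticator": RA,
                  "MS-CHAP-Challenge": os.urandom(16),
                  "MS-CHAP2-Response": os.urandom(50)}

if __name__ == "__main__":
    print("PAP     ->", password_for_ldap_bind(PAP_REQUEST, SECRET))
    print("MS-CHAP ->", password_for_ldap_bind(MSCHAP_REQUEST, SECRET))
```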




More information about the Freeradius-Users mailing list