freeradius and active directory

Kenneth Marshall ktm at rice.edu
Thu Dec 20 21:50:56 CET 2007


On Thu, Dec 20, 2007 at 09:44:25PM +0100, Rutger Beyen wrote:
> Hello,
> I'm very glad I found a list like this. I hope some of you can help me with
> this problem.
>  
> I want to set up a project with 802.1X, so users accessing my Cisco switch
> first have to log on. I found out that I could use freeradius for this. But
> what I want to do is verify if the credentials entered by the user (on a
> WinXP) are correct, by checking with the Active Directory on a
> Win2003Server. Using Ntlm_auth from the samba server is not an option. I
> want to access the AD with the LDAP protocol for compatibility reasons.
> Next, I want to place the logged on user in a specific VLAN. So I have to
> retrieve the user's vlan from the AD. Is there any way to configure
> freeradius to do so? I would like to base the vlan on the OU of the person
> in the AD.
> Can you please provide me with the necessary steps to accomplish this?
>  
>  
> Thank you very much,
> Rutger

Rutger,

I think that if you do not use ntlm_auth, you will need a 3rd party
supplicant for the Windows boxes. You probably will need to use ntlm_auth
and also bind to AD using the LDAP protocol to look up the OU/VLAN.

Ken
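
Added example, not part of the original posts and not FreeRADIUS code: once the LDAP lookup described in the reply has returned the user's distinguishedName, the OU can be mapped to the RFC 3580 VLAN attributes the switch expects. The OU names, VLAN IDs, sample DNs and function names are assumptions; the splitter honours backslash-escaped commas so text inside a user's CN is never read as an OU, and a user with no mapped OU gets no VLAN.

```python
# Constructed OU-to-VLAN table; OU names and VLAN IDs are assumptions for illustration.
OU_VLAN = {"staff": 10, "students": 20, "guests": 30}

def split_dn(dn):
    """Split a DN into RDN strings on unescaped commas (RFC 4514 backslash escapes)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).strip())
    return [r for r in rdns if r]

def vlan_for_dn(dn):
    """Walk from the user object towards the root; the nearest mapped OU wins."""
    for rdn in split_dn(dn):
        attr, _, value = rdn.partition("=")
        # OU values containing escapes are compared as-is, so they simply do not match.
        if attr.strip().lower() == "ou":
            vlan = OU_VLAN.get(value.strip().lower())
            if vlan is not None:
                return vlan
    return None

def reply_attributes(dn):
    """RFC 3580 VLAN assignment attributes, or None so the caller can reject."""
    vlan = vlan_for_dn(dn)
    if vlan is None:
        return None
    return {"Tunnel-Type": "VLAN", "Tunnel-Medium-Type": "IEEE-802",
            "Tunnel-Private-Group-Id": str(vlan)}

if __name__ == "__main__":
    # Constructed sample DNs, including a CN with an escaped comma.
    for dn in ("CN=Ann,OU=Lab,OU=Students,DC=example,DC=com",
               "CN=Doe\\, OU=Staff,OU=Guests,DC=example,DC=com",
               "CN=Bob,CN=Users,DC=example,DC=com"):
        print(dn, "->", reply_attributes(dn))
```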


