freeradius and active directory

Alan DeKok aland at
Sun Dec 23 01:03:14 CET 2007

Rutger Beyen wrote:
> If I have to contact the AD with the ldap protocol for the vlan, why can't I
> just use that way to verify the user's credentials?

  AD can verify credentials, if FreeRADIUS sees a clear-text password in
the RADIUS request.

  Otherwise, it's impossible.  AD is *not* an LDAP server, even though
it appears to be one.

> The use Ntlm must be configured in radiusd.conf, but how and were do I
> configure the ldap bind to get the users group and define the vlan?

  You don't.  You do LDAP queries.

  Alan DeKok.

More information about the Freeradius-Users mailing list