Freeradius with MS Active directory

tran thang trnthang at yahoo.com
Thu Dec 27 13:39:44 CET 2007


Hello all,
 
I am configuring freeradius with Cisco AP as access device and Microsoft AD as User database for users authentication by email and password but still having some bugs.
 
So if anyone have used familiar solution please kindly guide me config radiusd.conf file so FreeRadius can communicate with MS AD.
 
Yours Respectfully,
Tran Nam Thang.
 


 
----- Original Message ----
From: Oguzhan Kayhan <oguzhank at bilkent.edu.tr>
To: Peter Nixon <listuser at peternixon.net>
Cc: freeradius-users at lists.freeradius.org
Sent: Thursday, December 27, 2007 7:16:21 AM
Subject: Re:

Hello Peter and all,
Yes i managed to work authentication via rlm_perl. I can get accept or
reject without a problem.
WHat i wonder is can i use it as a hybrid system as, to keep radacct logs
in sql, or to get some info data from radgrouprelpy or smwhere?
Or some stuff similar like this.
I just wanna use rlm_perl for user/pass matching thats all. Rest should be
by mysql.
Or do i have to write all this modules manually in my perl script too?


> Selam Oguzhan
>
> You need to be aware of a few things:
>
> Firstly, unless your clients use PAP you will not have a plain text
> password
> to use when loging into the IMAP server.
>
> Secondly, It is almost always a better idea to directly check the same
> backend credential store that yoru IMAP server uses than going via the
> IMAP
> protocol. If its a large mail server (At bilkent for example ;-) then you
> probably have an LDAP tree or SQL server at the backend which FreeRADIUS
> can
> directly talk to which would save several steps and protocol conversions
> and
> be much faster than going via IMAP. (You would also likely not have to
> write
> a perl module..)
>
> İyi çalı�malar
>
> Peter
>
> On Mon 24 Dec 2007, Oguzhan Kayhan wrote:
>> Hello all,
>> I am trying to figure out how to use rlm_perl module for authentication
>> purposes.
>> Whats in my mind is to use my existing IMAP server to check if account
>> exists or not.
>> On the wiki page of rlm_perl i see an example script as :
>>
>> # Function to handle accounting
>> sub accounting {
>>        # For debugging purposes only
>> #      &log_request_attributes;
>>
>>        # You can call another subroutine from here
>>        &test_call;
>>
>>        return RLM_MODULE_OK;
>> }
>>
>> Ok...
>> Now.. what should be my return value for test_call subroutine to make it
>> work. I am planning to call an Imap module here and as a return value i
>> should return what?
>> Im not good at perl so, any tiny help will be appreciated.
>>
>> I am planning to make smthing like this but i am really not sure if it
>> works or not:
>>
>> sub imapLogin {
>>    my $host = shift;
>>    my $account = shift;
>>    my $password = shift;
>>    my $server = shift;
>>
>>    # open a connection to the IMAP server
>>    if (! ($server = new Net::IMAP::Simple($host))) {
>>      return "cannot connect IMAP server";
>>    }
>>
>>    # login, if success return 1 (true?) and 0 (false?)
>>    if ($server->login( $account, $password )) {
>>      return RLM_MODULE_OK;
>>    } else {
>>      return RLM_MODULE_REJECT;
>>    }
>> }
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
>
> --
>
> Peter Nixon
> http://peternixon.net/
>


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20071227/ebfe5766/attachment.html>


More information about the Freeradius-Users mailing list