Support for SSO Active Directory & PEAP-MS-CHAP-v2

rick wiltshire wrick82 at gmail.com
Sun Sep 23 15:47:57 CEST 2007


Dear All,

I need help with a dot1x implementation in an Enterprise LAN. Our target is to
authenticate and authorize users based on their identities (domain user
names) as well as to apply GPOs to users.

Our authentication Backend is: Active Directory
Our Authorization & Accounting is done by: freeRADIUS
Authorization Attributes control VLAN assignment (hence, IP address pool)
Required Authentication EAP-Type : PEAP & MS-CHAP

All clients are using the WinXP supplicant. I managed to implement PEAP & MS-CHAP
with this setup, however only with users who have cached credentials on their PCs.
If the user logs on to the PC for the first time, he fails to reach the Active
Directory to authenticate since the connection is not yet authorized. So
what I need is to get the computer authenticated and assigned an IP address and
then authenticate the user in a following phase while the connection is up.


Any clues on authenticating domain machines using a freeRADIUS and Active
Directory implementation?