Using freeradius integrated with Active Directory toautenticatecisco passwords

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Fri Feb 8 21:19:32 CET 2008


Hi,
> Thank you all.
> 
> But how do I do this? Does any one has a tutorial about it?

add the required parts to the radius config files to enable
krb5 (direct password check) against the AD - you will also need to ensure
your kerberos environment is sane and works 

eg run the command

kinit your_user_id

on the command line to validate that your machine can get a kerberos
ticket

the bits you need to add to the radius config are:

krb5 {
}

to the module stanza (radiusd.conf)

and

        Auth-Type krb5 {
                krb5
        }

to the authenticate stanza (radiusd.conf in 1.1.x and sites-enabled/default
in radiusd 2.x )

you MAY need to set "Auth-Type = krb5" for the required user or NAS setting
depending on your config!

alan



More information about the Freeradius-Users mailing list