ldap and ad for 802.1x

Alan DeKok aland at deployingradius.com
Fri Jul 3 18:02:30 CEST 2009


lenny at aecom.yu.edu wrote:
> I'm trying to figure out the necessary steps and configs to make the
> following happen. 2 groups of users, one residing in ldap with
> samba/ntlm hashes and another in AD, need to authenticate through Radius
> servers for 802.1x wireless.

  How do you tell the two groups of users apart?

  Do you have an LDAP query that can tell which users are in LDAP, and
which ones in AD?

> At this point, I have the Radius server
> successfully authenticating the users in LDAP, using their Samba
> credentials, but it's a different story with AD. I joined Samba from the
> Radius box into the AD domain and I'm able to test authentication
> successfully with ntlm_auth command, however authentication against
> Radius doesn't seem to be working.  The debug output shows that any AD
> auth. attempt is going against LDAP instead.

  Likely because the server has no way of knowing which users are in AD.

  Alan DeKok.


