Multiple AD's and domains?

Alan DeKok aland at
Wed Jul 22 03:22:37 CEST 2009

Justin Steward wrote:
> Now, the stock standard way of authenticating against AD is using samba,
> joining the domain, and using NTLM Auth. Since I have multiple AD
> domains, how would this best be handled?
> I know that PHP is capable of using LDAP to authenticate against an AD
> server. Can freeRadius also do this? How, or why not?

  ntlm_auth has a --domain parameter.  It can be used to authenticate
different domains.

  However... they all need to be part of the same AD forest / whatever.
 You CANNOT authenticate to two completely independent AD systems.  This
is a fundamental limitation of AD.

  Alan DeKok.

More information about the Freeradius-Users mailing list