Freeradius With edirectory and Active directory
Ivan Kalik
tnt at kalik.net
Thu Jul 23 11:14:59 CEST 2009
> Is it possible to have freeradius integrated in an environment with two
> totally different domains, one controlled by edirectory and the other by
> active directory?
Yes. You will need to create two mschap instances (one with ntlm_auth and
one without) and failover in Auth-Type MS-CHAP.
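Auth-Type MS-CHAP {
    # try the locally stored password first; "reject = 2" keeps
    # processing going instead of returning on reject
    mschap_default {
        reject = 2
    }
    # only if that was rejected, ask AD through ntlm_auth
    if(reject) {
        mschap_ad
    }
}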
Where mschap_default is a copy of the default mschap module, while mschap_ad
has the ntlm_auth line enabled. This applies to AD + anything else (ldap, sql,
users file stored passwords). If you are going to have pap requests as
well, you should add failover to ntlm_auth after pap:
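# Auth-Type lives in the control list, and an update entry needs
# "attribute = value"
if(!control:Auth-Type) {
    update control {
        Auth-Type = ntlm_auth
    }
}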
Is there interest in this? I can write a guide on how to combine
authentication of AD stored accounts with those stored elsewhere (ldap,
sql, users file).
Ivan Kalik
Kalik Informatika ISP
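
The module instances the reply above refers to could be defined as follows. This is an added example, not part of the original message: the instance names come from the post, while /path/to/ntlm_auth and the EXAMPLE domain are placeholders and the option values are assumptions modelled on the stock FreeRADIUS 2.x mschap and exec modules.

```conf
# modules/mschap (constructed example)

# Plain copy of the stock module: verifies the MS-CHAP response against a
# Cleartext-Password or NT-Password that ldap/sql/users placed in control.
mschap mschap_default {
    use_mppe = yes
    require_encryption = yes
    require_strong = yes
}

# Same module with the ntlm_auth line enabled: challenge and response are
# handed to winbind, which asks the AD domain controller to verify them.
mschap mschap_ad {
    use_mppe = yes
    require_encryption = yes
    require_strong = yes
    # placeholder path; point it at the local Samba ntlm_auth binary
    ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}

# modules/ntlm_auth (constructed example)
# exec instance used for PAP requests that no local password source claimed.
exec ntlm_auth {
    wait = yes
    # placeholder path and domain
    program = "/path/to/ntlm_auth --request-nt-key --domain=EXAMPLE --username=%{mschap:User-Name} --password=%{User-Password}"
}

# authenticate section of the virtual server: the handler that the
# "Auth-Type = ntlm_auth" fallback selects.
Auth-Type ntlm_auth {
    ntlm_auth
}
```

With the exec instance the PAP password is passed as a command-line argument, so it is visible in the process list on the RADIUS host while ntlm_auth runs; restrict local shell access to that host accordingly.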