Freeradius-Users Digest, Vol 51, Issue 100

jaswinder kaur saini_jas16 at yahoo.co.in
Thu Jul 23 13:32:38 CEST 2009 

Hello Ivan,

Yes, It is a Upcoming project. I would appreciate whatever help I get from you or any reference to where I can get more information from.
We have our users on the aaaa.example.com domain and are in edirectory environment. But our users are going to share a big part of the building with another company who are a totally different domain controlled by active directory. Our management wants us to create a radius infrastructure so that a user irrespective of their company, plug their laptop in a available socket, and gets put into the right domain and all the other network services based on their login credentials. 

Many Thanks,
Jas


Message: 4
Date: Thu, 23 Jul 2009 10:14:59 +0100 (BST)
From: "Ivan Kalik" <tnt at kalik.net>
Subject: Re: Freeradius With edirectory and Active directory
To: "FreeRadius users mailing list"
    <freeradius-users at lists.freeradius.org>
Message-ID:
    <53179.194.176.105.44.1248340499.squirrel at webmail.kalik.net>
Content-Type: text/plain;charset=utf-8

> Is it possible to have freeradius integrated in a environment with two
> totally different domains, one controlled by edirectory and the other by
> active directory?

Yes. You will need to create two mschap instances (one with ntlm_auth and
one without) and failover in Auth-Type MS-CHAP.

Auth-Type MS-CHAP {
     mschap_default {
          reject = 2
     }
     if(reject) {
          mschap_ad
     }
}

Where mschap_default is a copy of default mschap module while mschap_ad
has ntlm_auth line enabled. This applies to AD + anything else (ldap, sql,
users file stored passwords). If you are going to have pap requests as
well you should add failover to ntlm_auth after pap:

if(!Auth-Type) {
     update control {
          ntlm_auth
     }
}

Is there interest for this? I can write a guide how to combine
authentication of AD stored accounts with those stored elsewhere (ldap,
sql, users file).

Ivan Kalik
Kalik Informatika ISP



------------------------------



      Yahoo! recommends that you upgrade to the new and safer Internet Explorer 8. http://downloads.yahoo.com/in/internetexplorer/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090723/6ddaf0ff/attachment.html>

More information about the Freeradius-Users mailing list