FreeRADIUS + Cygwin + Active Directory authentication?
Alan DeKok
aland at deployingradius.com
Thu Feb 10 10:18:12 CET 2011
Moe, John wrote:
> I'm trying to set up a FreeRADIUS server in our organization, and the
> corporate preference is to run on Windows. I've got FreeRADIUS to compile
> and have successfully completed the PAP test (from
> http://deployingradius.com/documents/configuration/pap.html) to make sure it
> works.
That's a bit of work. I haven't bothered trying that in a while.
> Now I'm looking to set up Active Directory authentication. To do
> that, all the documentation I've read is geared towards Linux servers
> running Samba. From what I gather, it uses the ntlm_auth program to
> authenticate to the Windows Active Directory, which returns "NT_KEY output,
> which is needed in order for FreeRADIUS to perform MS-CHAP authentication."
>
> Is there a way I can do this on a Windows/Cygwin server?
Not really, no. There isn't much point, either.
The *correct* way to do it on Windows would be to use some Windows
MS-CHAP APIs to authenticate (if those exist). There could be a
Windows-specific MS-CHAP module.
But that takes time.
My $0.02: run a VMware image of Linux on the Windows box. FreeRADIUS
doesn't need a whole lot of CPU power, so it shouldn't be a problem.
Alan DeKok.
More information about the Freeradius-Users
mailing list