PAP authentication to Active Directory
Axford M.F.
M.F.Axford at soton.ac.uk
Wed Jul 13 19:04:10 CEST 2011
Hi
I'm currently setting up a radius server to authenticate EAP based requests against Active Directory.
Using Alan Dekok's guide I've got this authenticating mschap based EAP requests successfully.
I also want to authenticate ttls/pap requests and I've found two ways to do this that seem to work.
Method 1 is based on whats in http://freeradius.1045715.n5.nabble.com/EAP-TTLS-w-PAP-using-ntlm-auth-td2773260.html
Method 2 is to use LDAP for pap authentications.
All things being equal my preference is to use Method 1 as it keeps all authentications the same, however the:
if (!control:Auth-Type) {
update control {
Auth-Type = ntlm_auth_pap
}
}
In the inner-tunnel/authorize section seems a bit like a hack. Is there a better way to do this ?
Is either method particularly better than the other ?
Regards
Mike Axford
--
Mike Axford
Enterprise Systems
iSolutions
University of Southampton
Southampton
SO17 1BJ
Email: M.F.Axford at soton.ac.uk
Phone: 023 8059 5337
More information about the Freeradius-Users
mailing list