Clarification / Confirmation needed re: Free Radius againstActive Directory

Moe, John jmoe at hatch.com.au
Wed Mar 2 01:20:46 CET 2011 

> -----Original Message-----
> From: freeradius-users-bounces+jmoe=hatch.com.au at lists.freeradius.org
> [mailto:freeradius-users-
> bounces+jmoe=hatch.com.au at lists.freeradius.org] On Behalf Of Sallee,
> Stephen (Jake)
> Sent: Wednesday, 2 March 2011 8:36 AM
> To: FreeRadius users mailing list
> Subject: RE: Clarification / Confirmation needed re: Free Radius
> againstActive Directory
> 
> Just a word of warning, manually setting Authtype = ANTHING is usually
> a bad idea.  FR is really good about figuring out what to do all on its
> own, if you force an auth type it will very likely break something
> else.
> 
> Jake Sallee
> Network Engineer
> University of Mary Hardin-Baylor
> Fone: 254-295-4658
> Phax: 254-295-4221
> 
> 
> 
> > -----Original Message-----
> > From: freeradius-users-
> bounces+jake.sallee=umhb.edu at lists.freeradius.org
> > [mailto:freeradius-users-
> > bounces+jake.sallee=umhb.edu at lists.freeradius.org] On Behalf Of Moe,
> > John
> > Sent: Tuesday, March 01, 2011 3:26 PM
> > To: FreeRadius users mailing list
> > Subject: RE: Clarification / Confirmation needed re: FreeRadius
> against
> > ActiveDirectory
> >
> > > -----Original Message-----
> > > From: freeradius-users-
> bounces+jmoe=hatch.com.au at lists.freeradius.org
> > > [mailto:freeradius-users-
> > > bounces+jmoe=hatch.com.au at lists.freeradius.org] On Behalf Of Alan
> > > bounces+DeKok
> > > Sent: Tuesday, 1 March 2011 5:51 PM
> > > To: FreeRadius users mailing list
> > > Subject: Re: Clarification / Confirmation needed re: FreeRadius
> > > against ActiveDirectory
> > >
> > > Moe, John wrote:
> > > > Now, I've read a lot of configuration pages (for Ubuntu, Samba,
> > > Winbind,
> > > > and FreeRadius, to name a few) in the last few days, and my
> head's
> > > > spinning a bit, and I'd like to make sure I'm doing this right,
> and
> > > I've
> > > > managed to grasp a few things...
> > >
> > >   The definitive guide is here:
> > >
> > >
> http://deployingradius.com/documents/configuration/active_directory.ht
> > > m
> > > l
> > >
> > >   It's simple, clear, and contains just enough information to allow
> > > you to get it to work.
> > >
> > >   Alan DeKok.
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> >
> > Yeah, the information in that one is, as you said, simple and "just
> enough".
> > However, it doesn't address either of the two questions I asked.
> >
> > 1) Is setting "Auth-Type = ntlm_auth" the correct way for doing what
> I want,
> > or have I mis-configured something so that FreeRadius could work out
> that it
> > needs to use ntlm_auth on its own?
> > 2) How do I match a rule against AD Group membership?  This one was
> > answered in a previous reply, and I think I can work out the
> implementation
> > details from there, I just need to do some work and testing.
> >
> > If anyone knows the answer to the first question, I'd appreciate it.
> >
> > John H. Moe
> > Network Support - Hatch IT
> > HATCH
> > Tel: +61 (7) 3166 7777
> > Direct: +61 (7) 3166 7684
> > Fax: +61 (7) 3368 3754
> > Mobile: +61 438 772 425
> > 61 Petrie Terrace, Brisbane, Queensland Australia 4011
> >

Yeah, that's the impression I got from my reading.  But it doesn't seem to
be able to figure it out on its own, and I can't find any info to tell me
why.  Any idea why that might be?

John H. Moe
Network Support - Hatch IT
HATCH
Tel: +61 (7) 3166 7777
Direct: +61 (7) 3166 7684
Fax: +61 (7) 3368 3754
Mobile: +61 438 772 425
61 Petrie Terrace, Brisbane, Queensland Australia 4011

*****************************
NOTICE - This message from Hatch is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential or proprietary. 
Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, arrive late or contain viruses. By communicating with us via e-mail, you accept such risks.  When addressed to our clients, any information, drawings, opinions or advice (collectively, "information") contained in this e-mail is subject to the terms and conditions expressed in the governing agreements.  Where no such agreement exists, the recipient shall neither rely upon nor disclose to others, such information without our written consent.  Unless otherwise agreed, we do not assume any liability with respect to the accuracy or completeness of the information set out in this e-mail.  If you have received this message in error, please notify us immediately by return e-mail and destroy and delete the message from your computer.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5549 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110302/11e63754/attachment.bin>

More information about the Freeradius-Users mailing list