Active directory groups

Doty, Seth seth.doty at
Wed May 18 17:21:59 CEST 2011

I have looked on the list for this a few times but there doesn't appear
to be a "how to", just an "it might work".

We are wanting to use freeradius with our wireless controller for .1x
termination.  It will need to authenticate to AD and based on the
returned group hand back different attributes to the wireless
controller.  I don't have any way to do a static group request because
the options are rather large here. AD needs to pass it back and then I
can probably do a match in the freeradius users file and pass the
controller an attribute (I think).  We are using PEAP/MSCHAPv2 for this
currently.  We were going to just proxy this to a Microsoft NPS but it
appears that that option hands back attributes in the "wrong" place and
overall just seems terrible.  

So far I have the ldap component querying AD correctly and I have the
ntlm_auth component doing the same and each individually passing from a
radtest.  My question now revolves around passing the groups in our
setup and if this is even possible using the protocols listed above.
Unfortunately, we don't have the option to move away from these
protocols in our environment.  I'm a bit of a freeradius noob so any
help is appreciated. 
