AD Authentication Permissions

Alan DeKok aland at
Sat Jan 5 13:47:29 CET 2013

Mathieu Simon wrote:
> As short question since Tyler was asking for AD as backend - which I
> have read (so far)
> can't use the LDAP module since AD stores ntlm hashes - at least not
> for authentication.

  You can't use AD as an LDAP module for *authentication*.

> But then for LDAP groups how is that supposed to be done when using
> Samba/Winbind/ntlm_auth?

  You configure AD as an LDAP server.  And *don't* use it for

> Can I use LDAP groups for authorization (interestingly something I've
> not really found covered online or in FreeRADIUS books I've had at
> hand).


  Alan DeKok.

More information about the Freeradius-Users mailing list