AD Authentication Permissions
Alan DeKok
aland at deployingradius.com
Sat Jan 5 13:47:29 CET 2013
Mathieu Simon wrote:
> As short question since Tyler was asking for AD as backend - which I
> have read (so far)
> can't use the LDAP module since AD stores ntlm hashes - at least not
> for authentication.
You can't use AD as an LDAP module for *authentication*.
> But then for LDAP groups how is that supposed to be done when using
> Samba/Winbind/ntlm_auth?
You configure AD as an LDAP server. And *don't* use it for
authentication.
> Can I use LDAP groups for authorization (interestingly something I've
> not really found covered online or in FreeRADIUS books I've had at
> hand).
Yes.
Alan DeKok.
More information about the Freeradius-Users
mailing list