FW: FreeRadius Authentication against AD or AD LDS (LDAP)

Fajar A. Nugraha list at fajar.net
Tue Jul 16 08:32:55 CEST 2013

On Tue, Jul 16, 2013 at 1:02 PM, limacher david <limacher58 at hotmail.com>wrote:

> Hello
> I'm looking for a solution to realize a FreeRadius Server, which can
> Authenticate against primary a AD and as second method against AD LDS
> (Lightweight Directory from Windows).
> We want for our WLAN, that in the Guest-Network employees can use their
> AD-Login (I already implemented that with ntlm_auth and it works) and also
> guests can use this network but their login should be in a AD LDS (LDAP),
> which can be edited by our reception. I would prefer not to store the
> password for the guests as Cleartext. Is this possible?
> How could I realize that with FreeRadius?

If you're asking "how can I store encrypted password in LDAP that is usable
by MSCHAPv2", then you should be able to use nt-hash. One way to generate
the password is to use FR's smbencrypt command line tool.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130716/bfc66a91/attachment.html>

More information about the Freeradius-Users mailing list