FW: FreeRadius Authentication against AD or AD LDS (LDAP)

Alan DeKok aland at deployingradius.com
Tue Jul 16 08:42:49 CEST 2013


limacher david wrote:
> I'm looking for a solution to realize a FreeRadius Server, which can
> Authenticate against primary a AD and as second method against AD LDS
> (Lightweight Directory from Windows).

  Follow this guide:

http://deployingradius.com/documents/configuration/active_directory.html

> We want for our WLAN, that in the Guest-Network employees can use their
> AD-Login (I already implemented that with ntlm_auth and it works) and
> also guests can use this network but their login should be in a AD LDS
> (LDAP), which can be edited by our reception. I would prefer not to
> store the password for the guests as Cleartext. Is this possible?
> How could I realize that with FreeRadius?

  You don't.  AD stores passwords in hashed form.  And you *can't* get
access to the passwords.  This is a limitation of AD, not FreeRADIUS.

  Alan DeKok.


More information about the Freeradius-Users mailing list