FW: FreeRadius Authentication against AD or AD LDS (LDAP)
Alan DeKok
aland at deployingradius.com
Tue Jul 16 08:42:49 CEST 2013
limacher david wrote:
> I'm looking for a solution to realize a FreeRadius Server, which can
> Authenticate against primary a AD and as second method against AD LDS
> (Lightweight Directory from Windows).
Follow this guide:
http://deployingradius.com/documents/configuration/active_directory.html
> We want for our WLAN, that in the Guest-Network employees can use their
> AD-Login (I already implemented that with ntlm_auth and it works) and
> also guests can use this network but their login should be in a AD LDS
> (LDAP), which can be edited by our reception. I would prefer not to
> store the password for the guests as Cleartext. Is this possible?
> How could I realize that with FreeRadius?
You don't. AD stores passwords in hashed form. And you *can't* get
access to the passwords. This is a limitation of AD, not FreeRADIUS.
Alan DeKok.
More information about the Freeradius-Users
mailing list