Limitation of authenticating against AD
Alan DeKok
aland at deployingradius.com
Wed Sep 3 20:01:41 CEST 2014
Dennis Xu wrote:
> Thanks for the information. So FreeRadius uses LDAP to authenticate against AD and LDAP cannot read the passwords in those formats. Apparently ACS has a different implementation on authenticating against AD that they don't care about the password format stored in AD:

ACS has either (a) used the NT domain API, like Samba 3 does. Or (b)
used the new AD replication protocol like Samba 4 does.

So there's nothing special about ACS. Other than they're Cisco, and
can afford ten million dollars to inter-operate with AD.

We will NOT be re-writing Samba. The way to interact with AD is
Samba. Full stop. No other alternative is possible.

Alan DeKok.