FreeRADIUS + Cisco + Active Directory
mcn4 at leicester.ac.uk
Wed Jan 6 12:28:20 CET 2016
On Wed, Jan 06, 2016 at 09:55:42AM +0000, A.L.M.Buxey at lboro.ac.uk wrote:
> > Is there a way to check Active Directory Group Membership without using
> > LDAP from the post-auth section?
> errr, AD is an LDAP system.... even if you used eg PERL or Python instead of the built-in LDAP
> functionality you'd still be using LDAP modules in those languages to talk to AD....
Well if you've joined the machine to AD with Samba you can use
net ads user info <username>
to get a list of the user's groups, but why? It's likely slower
than LDAP and you also have to parse the output.
The only case I can think that you might do this would be with
libwbclient, but even then LDAP is probably faster.
> please define the problem statement :/
Exactly. What's wrong with LDAP here?
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users