Can Radius pass client ip details to Windows AD during ntlm authentication ?.

Peter Lambrechtsen peter at crypt.nz
Sat Mar 12 22:54:41 CET 2016


On Mar 13, 2016 8:04 AM, "Alan DeKok" <aland at deployingradius.com> wrote:
>
> On Mar 12, 2016, at 12:14 PM, Eby Mani via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> >
> > Can Radius Server pass client ip details to Windows AD during ntlm authentication ?.
>
>   No.
>
> > Here is the scenario, WirelessLanController is configured to provide access only after authenticating using Radius. Radius server is configured for WPA2 Enterprise with Active Directory integration using samba/winbind (ntlm_auth).
> >
> > I can login to the wireless network using AD username and password. The trouble is, AD doesn't know my real ip. It shows my username, Radius server IP and system name when searching for details.
>
>   AD shows the IP that the login request came from.  In this case, that's the RADIUS server.
>
>   There is no way I know to pass more information in the login request.

One thing you could always do is use the post-auth function of the ldap
module to write the last IP address used into another LDAP attribute.

It's not exactly the same as passing it in the auth, but it may achieve the
same outcome.

I, however, would use the linelog module and log the event that way rather
than writing it into AD.

>
>   Alan DeKok.

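Added example, not part of the original messages or of FreeRADIUS's shipped configuration: a linelog setup along the lines suggested in the reply above. It assumes FreeRADIUS 3.x syntax and a wireless controller that sends RADIUS accounting packets carrying Framed-IP-Address; the instance names and log file name are hypothetical.

```conf
# mods-available/linelog_wifi (hypothetical file name; symlink into mods-enabled/)

# Written once per authentication. The Access-Request normally carries the
# client MAC in Calling-Station-Id, not the client IP.
linelog linelog_wifi_auth {
	filename = ${logdir}/wifi-sessions.log
	permissions = 0600
	# %S is the request timestamp
	format = "%S auth user=%{User-Name} mac=%{Calling-Station-Id} nas=%{NAS-IP-Address}"
}

# Written for each accounting packet. Framed-IP-Address is present only if
# the controller reports it (assumption), so fall back to "unknown".
linelog linelog_wifi_acct {
	filename = ${logdir}/wifi-sessions.log
	permissions = 0600
	format = "%S acct status=%{Acct-Status-Type} user=%{User-Name} mac=%{Calling-Station-Id} ip=%{%{Framed-IP-Address}:-unknown} nas=%{NAS-IP-Address}"
}

# In the virtual server (for example sites-enabled/default), add the
# instance names inside the existing sections:
post-auth {
	linelog_wifi_auth
}

accounting {
	linelog_wifi_acct
}
```

Joining the two record types on user and MAC gives the user-to-IP mapping that the AD logon event cannot show, since AD only sees the RADIUS server's address.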
