Can Radius pass client ip details to Windows AD during ntlm authentication?

Scott Armitage S.P.Armitage at lboro.ac.uk
Sun Mar 13 13:29:30 CET 2016


> On 12 Mar 2016, at 17:14, Eby Mani via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> Can Radius Server pass client ip details to Windows AD during ntlm authentication?

dot1X authentication before network access has been granted.  Therefore the client won’t DHCP until after 802.1X authentication has succeeded.

> 
> Here is the scenario, WirelessLanController is configured to provide access only after authenticating using Radius.

This is how 802.1X is designed: the client isn’t granted network access until it has been authorised.


> Radius server is configured for WPA2 Enterprise

RADIUS is configured for EAP Authentication; WPA2 Enterprise is how your wireless network is configured.

> with Active Directory integration using samba/winbind (ntlm_auth).
> 
> I can login to the wireless network using AD username and password. The trouble is, AD doesn't know my real ip. It shows my username, Radius server IP and system name when searching for details.


The best you can do is configure your wireless to send RADIUS accounting with interim updates.  If your wireless system is sensible it should send an interim update whenever the client IP Address changes.  This also assumes you have configured your wireless to enforce DHCP (which doesn’t always work so well as different manufacturers read the RFC for DNAv4 differently).  Of course you still need some way of taking the information from the RADIUS accounting and passing this on to the AD.


Regards

Scott Armitage
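
The accounting approach described in the reply above, as an added example that is not part of the original post or of FreeRADIUS: it reads accounting records in the layout of a FreeRADIUS detail file and emits a user-to-IP event whenever an Interim-Update reports a new Framed-IP-Address. The sample records and the function names `parse_records` and `track_ips` are constructed for illustration; forwarding the events to AD is not shown.

```python
import re

# Constructed sample: timestamp header, tab-indented "Attr = value" lines, blank line between records.
SAMPLE_DETAIL = """\
Sun Mar 13 13:20:01 2016
\tUser-Name = "alice"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "sess-0001"

Sun Mar 13 13:20:31 2016
\tUser-Name = "alice"
\tAcct-Status-Type = Interim-Update
\tAcct-Session-Id = "sess-0001"
\tFramed-IP-Address = 192.0.2.10

Sun Mar 13 13:40:31 2016
\tUser-Name = "alice"
\tAcct-Status-Type = Interim-Update
\tAcct-Session-Id = "sess-0001"
\tFramed-IP-Address = 192.0.2.77

Sun Mar 13 13:55:00 2016
\tUser-Name = "alice"
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "sess-0001"
"""

ATTR = re.compile(r'^\s+([\w-]+) = "?(.*?)"?$')

def parse_records(text):
    """Yield one dict of attributes per accounting record (header lines are skipped)."""
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {m.group(1): m.group(2) for m in map(ATTR.match, block.splitlines()) if m}
        if rec:
            yield rec

def track_ips(text):
    """Return (events, active). A 'bind' is emitted for the first IP seen after
    DHCP and for every later address change; a 'release' on session Stop."""
    events, active = [], {}
    for rec in parse_records(text):
        sid, user = rec.get("Acct-Session-Id"), rec.get("User-Name")
        ip, status = rec.get("Framed-IP-Address"), rec.get("Acct-Status-Type")
        if status == "Stop":
            if sid in active:
                events.append(("release", *active.pop(sid)))
        elif ip and active.get(sid) != (user, ip):
            active[sid] = (user, ip)
            events.append(("bind", user, ip))
    return events, active
```

The Start record carries no address because the client has not run DHCP yet, which is why the mapping only appears with the first interim update.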

