Active Directory Auth without ntlm.

A.L.M.Buxey at A.L.M.Buxey at
Tue Nov 8 23:15:53 CET 2016


> Is there any way to get FreeRadius to authenticate to an Active
> Directory without using ntlm and winbind?
> My intention would be for FreeRadius itself to connect to the AD and
> check the credentials.

well, depends on what Auth you are using. for EAp-TTLS/PAP you could do
it with direct LDAP to the AD.  but for most common purposes, you are
looking at winbind as the best option , or ntlm_auth as second best
(to do the challenge/repsonse MSCHAPv2 stuff that most people want/need - 
eg PEAP or EAP-TTLS/MSCHAPv2. the only other way would be direct
LSA authentication and the only products that do that have interesting
partnerships with Microsoft or have to be running on Windows for the access.


More information about the Freeradius-Users mailing list