Freeradius in dmz (not joined to AD) and authorization from AD LDAP
Matthew Newton
matthew at newtoncomputing.co.uk
Tue Apr 25 10:06:17 CEST 2017
On 25 April 2017 08:45:49 BST, chose <chose at ajetaci.cz> wrote:
> is it able to authorize users from Windows AD LDAP from Freeradius in
>DMZ zone without joining AD (security reasons).
Yes, with limitations, depending on your situation.
> I found that there is
>problem with passwords hash, freeradius gets password in mschapv2
Because AD won't give you the password hash in the LDAP response, the only option you have got is to attempt to bind, which needs a clear password. So doing this means you're limited to PAP based methods.
--
Matthew
More information about the Freeradius-Users
mailing list