Freeradius 3.x with LDAP authentication
Alan DeKok
aland at deployingradius.com
Mon Aug 14 22:01:07 CEST 2017
On Aug 14, 2017, at 9:26 PM, Adam Cage <adamcage27 at gmail.com> wrote:
>
> Hi people, we wanna authenticate WiFi users against a Freeradius 3.x
> server, these users are defined in a Windows Active Directory remote
> server.
Follow the guide here: http://deployingradius.com/documents/configuration/active_directory.html
> We have the base_dn search defined, and there they are all the valid users
> who can use the WiFi service.
>
> We wanna use LDAP to initially authenticate and in the future authorize the
> accesses.
For PEAP, no, that doesn't work. AD isn't really an LDAP server.
> Please can anybody point to me a detailed howto, because we are confused if
> we have to use LDAP with MSCHAP, PAP, EAP or whatever???
Follow the guide above. It will work.
> Aand also we are confused about the AD object we have to use in the filter
> string: uid, samaccountname, mail...What does this selection
> depend on ???
It depends on what you want to do. Where are the user accounts in AD?
> And the last question: I'm using a Debian server with the freeradius and
> freeradius-ldap distribution packages, is it a good idea or
> maybe it's better to use the tar.gz version???
Use 3.0.15. The debian versions are typically years out of date.
Alan DeKok.
More information about the Freeradius-Users
mailing list