FreeRADIUS + Microsoft Active Directory

[Caines, Max]

Hi

There are basically three ways FreeRadius can authenticate against AD:

1. Using LDAP. This is unlikely to work except in special circumstances, as AD does not by default make the password available in any attribute FreeRadius can read. In addition, unless your AD has very weak security, you will need credentials to read entries using LDAP.
2. Using Samba or Winbind (which is part of Samba). This involves the FR server becoming a member of the AD domain. You will need credentials to carry out that step, though once the relationship exists, you won't need them again.
3. By proxying the incoming RADIUS requests that require authentication to a Microsoft NPS server. NPS is Microsoft's RADIUS implementation, but it's much less flexible that FR. It also has some eccentricities, and doesn't stick to the standards very well, but we, like (I think) a few other UK universities, are currently using it for this. That doesn't require any credentials, but it does require a Windows server running NPS

Hope that helps

Max

-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+max.caines=wlv.ac.uk at lists.freeradius.org] On Behalf Of Amir Kalhori
Sent: 07 June 2017 16:35
To: freeradius-users at lists.freeradius.org
Subject: FreeRADIUS + Microsoft Active Directory



Hi,



Is it possible integrate FreeRADIUS 3.x and Microsoft Active Directory without any active directory credential ?



Best Regards,



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html