LDAP and AD authentication on the same FreeRadius server

Denis CLAVIER dclavier at i-tracing.com
Mon Jul 23 11:26:41 CEST 2018


I am trying to set up a FreeRadius server for a VPN connection used by users stored in an LDAP or in an AD. I succeeded in authenticating on LDAP and on AD separately with the following two radtest commands:

LDAP: radtest dclavier "password" localhost 0 testing123
AD: radtest -t mschap dclavier "Password1234*" localhost 0 testing123

However, I would like to configure the FreeRadius server to authenticate users on LDAP or AD, based on the realm. For example, user dclavier at ldap.com should use ldap authentication, and dclavier at ad.com should use mschap authentication (or ntlm_auth) without specifying which method to use. So, I would like FreeRadius to choose the right Auth-Type according to the realm. At the least, I would like FreeRadius to try the second auth-type if the first fails.

I looked at the proxy.conf file to perform what I want, but I can't find how to specify the auth type for each realm. So I would like to know if it is possible to perform authentication for users from LDAP and users from AD with only one FreeRadius server. If yes, I would be happy if you can suggest how to do it.
