AD Authentication via python module eventually fails
Alan DeKok
aland at deployingradius.com
Thu Oct 3 00:17:15 CEST 2019
On Oct 2, 2019, at 5:39 PM, Orestes Leal RodrÃguez <olealrd1981 at gmail.com> wrote:
>
> I mentioned in the other email it was the boss' decision. I cannot do
> anything if he doesn't want to do it another way (I suggested go
> through ntlm_auth but it was not chosen.
So he's making decisions which break the corporate infrastructure?
Nice.
> The script just import the ldap module, binds to a GC server to
> fullfills the authentication requests and return falsoe y the password
> is incorrect or the account it's not found, or true if the auth was
> correct.
FreeRADIUS can do this with the native LDAP module. You don't need to do ntlm_auth.
> We have two backends domains so that was the reason it was
> done this way (although I had an alternative doing the same using
> ntlm_auth).
FreeRADIUS can use two LDAP modules, one for each back-end domain.
It's simpler, faster, more standard, and it *works*.
I'd say tell your boss that he's wrong, but I'm sure he already knows that.
Alan DeKok.
More information about the Freeradius-Users
mailing list