AD authorization with LDAP module? Mix with other methods necessary?
uj2.hahn at posteo.de
uj2.hahn at posteo.de
Wed Jan 22 08:10:58 CET 2020
Hi,
I have another general question.
I have a running freeradius instance on Ubuntu for authorization against
Windows AD, based on ntlm_auth.
But to get more group depended post-auth capabilities I thought I can
switch to LDAP module.
I tested that in a test installation with OpenLDAP (instead of AD) and
it worked fine.
But now I was going to rollout this method to AD and failed to check the
good password.
Of course I'm aware that OpenLDAP and AD handles passwords differently
so the surprise was not too big.
So my questions are:
- can I mix ntlm_auth for authorization and LDAP to do some group
depended post-auth actions?
- is that needed at all and there are ways to run LDAP only (in that
case I probably did something
wrong so far)?
Thanks
Uwe
More information about the Freeradius-Users
mailing list