AD authorization with LDAP module? Mix with other methods necessary?

uj2.hahn at posteo.de uj2.hahn at posteo.de
Wed Jan 22 08:10:58 CET 2020


Hi,
I have another general question.
I have a running freeradius instance on Ubuntu for authorization against 
Windows AD, based on ntlm_auth.
But to get more group-dependent post-auth capabilities I thought I could 
switch to the LDAP module.
I tested that in a test installation with OpenLDAP (instead of AD) and 
it worked fine.
But now I was going to roll out this method to AD and failed to check the 
good password.
Of course I'm aware that OpenLDAP and AD handle passwords differently, 
so the surprise was not too big.

So my questions are:
- can I mix ntlm_auth for authorization and LDAP to do some 
group-dependent post-auth actions?
- is that needed at all, and are there ways to run LDAP only (in that 
case I probably did something
   wrong so far)?

Thanks
Uwe

