AD authorization with LDAP module? Mix with other methods necessary?

WAGHORN, Jason (NHS BORDERS) j.waghorn1 at
Wed Jan 22 09:07:58 CET 2020

>>From: Freeradius-Users [ at] On Behalf Of uj2.hahn at
>>Sent: 22 January 2020 07:11
>>I have another general question.
>>I have a running freeradius instance on Ubuntu for authorization against Windows AD, based on ntlm_auth.
>>But to get more group depended post-auth capabilities I thought I can switch to LDAP module.

I thought that a while - Alan (and I think Matthew) patiently explained (probably for the 450th time) that you *authenticate* via ntlm_auth/winbind/sss and then you *authorize* via LDAP. They know a hell of a lot more than I could ever hope to, so that's what I did. Works just fine.


This message may contain confidential information. If you are not the intended recipient please inform the
sender that you have received the message in error before deleting it.
Please do not disclose, copy or distribute information in this e-mail or take any action in relation to its contents. To do so is strictly prohibited and may be unlawful. Thank you for your co-operation.

NHSmail is the secure email and directory service available for all NHS staff in England and Scotland. NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and other accredited email services.

For more information and to find out how you can switch,

More information about the Freeradius-Users mailing list