Wifi + Active Directory without ntlm
Josef Vybíhal
josef.vybihal at gmail.com
Thu May 14 15:40:50 CEST 2020
Is it possible, that you mean that you just don't want to use ntlm_auth
command? If yes, then read the winbind comment section in the mschap module
config.
# winbind_username = "%{mschap:User-Name}"
# winbind_domain = "%{mschap:NT-Domain}"
or this
https://wiki.freeradius.org/guide/Active-Directory-direct-via-winbind
On Thu, May 14, 2020 at 3:32 PM Клеусов Владимир Сергеевич via
Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Ideally, I want to authenticate the domain user and if he is in the
> domain, check his group. If not in the group, do not connect to wifi. Is
> this possible without ntlm ?
>
> 14 мая 2020 г., в 16:07, Matthew Newton <mcn at freeradius.org<mailto:
> mcn at freeradius.org>> написал(а):
>
> o do what? Just get policy information/groups etc, or to authenticate?
>
> FreeRADIUS can use LDAP to query AD to get group information etc just
> fine. However, AD won't give you a password over LDAP. So in the vast
> majority of cases if you want to authenticate you need to use mschap.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list