FreeRadius and Active Directory and SSSD

White, Daniel E. (GSFC-770.0)[AEGIS] daniel.e.white at nasa.gov
Mon May 9 12:03:05 UTC 2022


Thanks, Alan

The users are connecting to network devices (Cisco, Juniper switches and routers)
The network devices connect to RADIUS to verify the user's credentials which reside in AD.

From your response, it sounds like the existing configuration will work without the need to add winbind.

Is this accurate?

On 5/9/22, 07:52, "Freeradius-Users on behalf of Alan DeKok" <freeradius-users-bounces+daniel.e.white=nasa.gov at lists.freeradius.org on behalf of aland at deployingradius.com> wrote:

    On May 9, 2022, at 7:31 AM, White, Daniel E. (GSFC-770.0)[AEGIS] via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
    > 
    > RHEL 8 server
    > Joined to AD domain using sssd for credentials
    > 
    > The file /etc/nsswitch.conf contains: 
    > 
    > passwd:     sss files systemd
    > group:      sss files systemd
    > netgroup:   sss files
    > automount:  sss files
    > services:   sss files
    > 
    > shadow:     files sss
    > hosts:      files dns myhostname
    > 
    > aliases:    files
    > ethers:     files
    > gshadow:    files
    > networks:   files dns
    > protocols:  files
    > publickey:  files
    > rpc:        files
    > 
    > This guide
    > https://wiki.freeradius.org/guide/freeradius-active-directory-integration-howto
    > says to append "winbind" to passwd, shadow, group, protocols, services, netgroup, automount
    > 
    > Is this going to break things?

      If you want users to come directly from AD, then you can add winbind.  If instead you use sssd for users, and it connects to AD, then just list "sss".

      Alan DeKok.


