FreeRadius and Active Directory and SSSD

Josef Vybíhal josef.vybihal at gmail.com
Tue May 10 12:55:05 UTC 2022


If you want to do MS-CHAPv2 against AD, winbind is probably your only
bet, as described in the docs. sssd does not do the NTLM protocol and I am
almost certain it never will (why would it?)

But if PAP or EAP-TTLS is fine, you have options.

See http://deployingradius.com/documents/protocols/compatibility.html
for compatibility.

J.

On Tue, May 10, 2022 at 2:22 PM White, Daniel E. (GSFC-770.0)[AEGIS]
via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> Approaching the problem from a different direction:
> Rather than "integrating" FR with Active Directory, could I set it up to use LDAP as the Auth-Type?
>
> On 5/9/22, 16:09, "Freeradius-Users on behalf of Alan DeKok" <freeradius-users-bounces+daniel.e.white=nasa.gov at lists.freeradius.org on behalf of aland at deployingradius.com> wrote:
>
>     On May 9, 2022, at 3:33 PM, White, Daniel E. (GSFC-770.0)[AEGIS] via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>     >
>     > An observation:
>     > The instructions seem to only cover winbind.
>     > As an example, it says to use the "ntlm_auth" command.  That command is not part of sssd.
>
>       See the sssd documentation for other commands to test user name / password authentication with sssd.  We didn't write sssd, and we don't know much about it.
>
>     > Is there a newer version of that guide page that uses sssd instead of winbind?
>
>       There is no secret documentation.  All of the documentation is public, and is publicly accessible.
>
>       The Wiki can be edited.  If you figure things out, please document them so that other people don't run into the same issues.  Waiting for the FR developers to do everything may very well be a lost cause in some cases.
>
>       Alan DeKok.
>

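The LDAP option raised in the thread, sketched as FreeRADIUS 3.x configuration fragments. This is an added example, not configuration posted by anyone in the thread or taken from the FreeRADIUS documentation. The hostname, DNs, service-account password and CA path are placeholders, and the fragments are meant to be merged into the stock files rather than replace them.

```conf
# --- mods-available/ldap (enable with a symlink in mods-enabled/) ---
# Hostname, DNs, password and CA path are placeholders (assumptions).
ldap {
	server   = 'ldaps://dc1.example.org'
	identity = 'CN=radius-svc,OU=Service Accounts,DC=example,DC=org'
	password = 'CHANGE_ME'
	base_dn  = 'DC=example,DC=org'

	user {
		base_dn = "${..base_dn}"
		# AD stores the login name in sAMAccountName.
		filter  = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
	}

	tls {
		# The user's cleartext password crosses this link during the
		# bind, so verify the domain controller's certificate.
		ca_file      = '/etc/ssl/certs/example-ad-ca.pem'
		require_cert = 'demand'
	}
}

# --- sites-available/default and sites-available/inner-tunnel ---
authorize {
	# Look the user up in the directory.
	ldap

	# Only a request carrying User-Password (PAP, or PAP inside
	# EAP-TTLS) can be checked with an LDAP bind. MS-CHAPv2 requests
	# carry no User-Password, so this block never selects LDAP for them.
	if ((ok || updated) && &User-Password && !&control:Auth-Type) {
		update control {
			&Auth-Type := ldap
		}
	}
}

authenticate {
	# Bind to the directory as the user with the supplied password.
	Auth-Type LDAP {
		ldap
	}
}
```

Running the server with `radiusd -X` shows whether a test request reaches the `Auth-Type LDAP` block and whether the bind to the directory succeeds.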
