FreeRadius and Active Directory and SSSD
White, Daniel E. (GSFC-770.0)[AEGIS]
daniel.e.white at nasa.gov
Tue May 10 12:56:14 UTC 2022
I am trying to replace a Cistron RADIUS service running on a dinosaur of a Sparc Solaris 9 server before it explodes.
This RADIUS service is only used to access network devices (switches, routers, etc.)
We are moving to a centralized credentials setup with usernames/passwords in Active Directory.
We followed this document to connect RHEL servers.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/integrating_rhel_systems_directly_with_windows_active_directory/index
Now we need a new RADIUS service that uses the AD credentials.
On 5/10/22, 08:42, "Alan DeKok" <aland at deployingradius.com> wrote:
> On May 10, 2022, at 8:21 AM, White, Daniel E. (GSFC-770.0)[AEGIS] via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> Approaching the problem from a different direction:
> Rather than "integrating" FR with Active Directory, could I set it up to use LDAP as the Auth-Type ?
It depends. PAP? Yes. MS-CHAP? No.
The documentation has endless examples of using Samba for AD integration, because in many cases it's required. e.g. for MS-CHAP.
Perhaps instead of asking what's possible, describe what you want to do. We can then say how to do it.
FreeRADIUS can do almost anything. The main limitations are external. i.e. certain EAP methods don't work with Active Directory, or with certain password storage methods.
But if it's possible to do in RADIUS, FreeRADIUS can do it.
Alan DeKok.
More information about the Freeradius-Users
mailing list