FreeRadius and Active Directory and SSSD

L.P.H. van Belle belle at bazuin.nl
Tue May 10 13:05:14 UTC 2022


https://rharmonson.github.io/2factorcos7.html 
1 google search gave me.  ( use : freeradius sssd kerberos) 

good luck. 


> -----Oorspronkelijk bericht-----
> Van: Freeradius-Users Namens White, Daniel E. (GSFC-770.0)[AEGIS] via
> Freeradius-Users
> Verzonden: dinsdag 10 mei 2022 14:56
> Aan: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
> CC: White, Daniel E. (GSFC-770.0)[AEGIS] <daniel.e.white at nasa.gov>
> Onderwerp: Re: FreeRadius and Active Directory and SSSD
> 
> I am trying to replace a Cistron RADIUS service running on a dinosaur of a
> Sparc Solaris 9 server before it explodes.
> This RADIUS service is only used to access network devices (switches,
> routers, etc.) We are moving to a centralized credentials setup with
> usernames/passwords in Active Directory.
> 
> We followed this document to connect RHEL servers.
> https://access.redhat.com/documentation/en-
> us/red_hat_enterprise_linux/8/html/integrating_rhel_systems_directly_wit
> h_windows_active_directory/index
> 
> Now we need a new RADIUS service that uses the AD credentials.
> 
> 
> ???On 5/10/22, 08:42, "Alan DeKok" <aland at deployingradius.com> wrote:
>     > On May 10, 2022, at 8:21 AM, White, Daniel E. (GSFC-770.0)[AEGIS] via
> Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>     >
>     > Approaching the problem from a different direction:
>     > Rather than "integrating" FR with Active Directory, could I set it up to use
> LDAP as the Auth-Type ?
> 
>       It depends.  PAP?  Yes.  MS-CHAP?  No.
> 
>       The documentation has endless examples of using Samba for AD
> integration, because in many cases it's required.  e.g. for MS-CHAP.
> 
>       Perhaps instead of asking what's possible, describe what you want to do.
> We can then say how to do it.
> 
>       FreeRADIUS can do almost anything.  The main limitations are external.
> i.e. certain EAP methods don't work with Active Directory, or with certain
> password storage methods.
> 
>       But if it's possible to do in RADIUS, FreeRADIUS can do it.
> 
>       Alan DeKok.
> 
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list