FreeRadius and Active Directory and SSSD

Alan DeKok aland at deployingradius.com
Tue May 10 13:09:56 UTC 2022


On May 10, 2022, at 8:56 AM, White, Daniel E. (GSFC-770.0)[AEGIS] via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> 
> I am trying to replace a Cistron RADIUS service running on a dinosaur of a Sparc Solaris 9 server before it explodes.

  Wow.  Cistron was effectively dead 20 years ago.

> This RADIUS service is only used to access network devices (switches, routers, etc.)

  Likely only PAP then.  But you'll have to double-check the packets.  Every piece of vendor equipment does something magical and special.

> We are moving to a centralized credentials setup with usernames/passwords in Active Directory.
> 
> We followed this document to connect RHEL servers.
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/integrating_rhel_systems_directly_with_windows_active_directory/index
> 
> Now we need a new RADIUS service that uses the AD credentials.

  Odds are that you can just use PAP, and connect to AD via LDAP.  And also check admin group privileges!

	if (LDAP-Group != "admin") {
		reject
	}
	# ... else check passwords, etc.

  Alan DeKok.
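
The PAP-over-LDAP setup with the group check suggested above, written out as a configuration sketch. This is an added example, not part of the original post and not the poster's configuration. It assumes a FreeRADIUS 3.x file layout; the server name, bind account, DNs and CA file name are placeholders, and the group name "admin" is the one used in the post.

```unlang
# --- mods-available/ldap (FreeRADIUS 3.x layout; all values are placeholders) ---
ldap {
	server = 'ldaps://dc1.example.org'
	identity = 'CN=radius-bind,OU=Service Accounts,DC=example,DC=org'
	password = 'CHANGE_ME'
	base_dn = 'DC=example,DC=org'
	user {
		base_dn = "${..base_dn}"
		# Match on the AD login name instead of the default uid attribute
		filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
	}
	group {
		base_dn = "${..base_dn}"
		filter = '(objectClass=group)'
		name_attribute = cn
		# AD lists a user's groups on the user object
		membership_attribute = 'memberOf'
	}
	tls {
		# Validate the domain controller's certificate
		ca_file = ${certdir}/ad-ca.pem
		require_cert = 'demand'
	}
}

# --- sites-available/default ---
authorize {
	ldap
	# PAP request: have the ldap module verify the password by binding as the user
	if ((ok || updated) && User-Password) {
		update control {
			Auth-Type := ldap
		}
	}
	# Group check from the post: only members of "admin" get in
	if (LDAP-Group != "admin") {
		reject
	}
}
authenticate {
	Auth-Type LDAP {
		ldap
	}
}
```

Because PAP hands the cleartext password to the server, the bind to AD should only go over LDAPS or StartTLS with certificate validation, as in the `tls` block.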


