FreeRadius and Active Directory and SSSD
White, Daniel E. (GSFC-770.0)[AEGIS]
daniel.e.white at nasa.gov
Tue May 10 13:16:13 UTC 2022
Thanks.
Does the AD-LDAP connection provide AD groups to allow user "filtering"?
On 5/10/22, 09:10, "Alan DeKok" <aland at deployingradius.com> wrote:
On May 10, 2022, at 8:56 AM, White, Daniel E. (GSFC-770.0)[AEGIS] via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> I am trying to replace a Cistron RADIUS service running on a dinosaur of a Sparc Solaris 9 server before it explodes.
Wow. Cistron was effectively dead 20 years ago.
> This RADIUS service is only used to access network devices (switches, routers, etc.)
Likely only PAP then. But you'll have to double-check the packets. Every piece of vendor equipment does something magical and special.
> We are moving to a centralized credentials setup with usernames/passwords in Active Directory.
>
> We followed this document to connect RHEL servers.
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/integrating_rhel_systems_directly_with_windows_active_directory/index
>
> Now we need a new RADIUS service that uses the AD credentials.
Odds are that you can just use PAP, and connect to AD via LDAP. And also check admin group privileges!
    if (LDAP-Group != "admin") {
        reject
    }
    ... else check passwords, etc.
Alan DeKok.
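
A sketch of the setup suggested in the reply above (PAP, an LDAP connection to AD, and a group check before the password check). It is an added example, not configuration from the thread or from the FreeRADIUS project's shipped files. It assumes FreeRADIUS 3.x with the rlm_ldap module; the server name, DNs, bind account, password and the group name "admin" are placeholders.

```unlang
# --- mods-available/ldap (FreeRADIUS 3.x rlm_ldap); all values are placeholders ---
ldap {
    server   = 'ldaps://dc1.example.org'      # TLS: the user's password is sent to AD in the bind
    identity = 'CN=svc-radius,OU=Service,DC=example,DC=org'   # read-only lookup account
    password = 'CHANGE_ME'
    base_dn  = 'DC=example,DC=org'

    user {
        base_dn = "${..base_dn}"
        filter  = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
    }
    group {
        base_dn              = "${..base_dn}"
        filter               = '(objectClass=group)'
        name_attribute       = cn
        membership_attribute = 'memberOf'     # AD lists only direct memberships here
    }
}

# --- sites-available/default ---
authorize {
    ldap                                      # look the user up in AD
    if (notfound) {
        reject
    }
    if (LDAP-Group != "admin") {              # group check from the message above
        reject
    }
    if (User-Password) {                      # PAP request: verify by binding as the user
        update control {
            Auth-Type := ldap
        }
    }
}
authenticate {
    Auth-Type LDAP {
        ldap
    }
}
```

Running the server with `radiusd -X` shows the LDAP search, the group comparison and the bind result for each request, which is the quickest way to confirm that a user outside the group is rejected before any password check.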