Is Radius Authorization bound to Radius Authentication?
little-nemo at virgilio.it
little-nemo at virgilio.it
Fri Sep 8 11:52:31 UTC 2023
Dear members,
I managed to autenticate users through MschapV2/ntlm_auth vs Active Directory (reference#1 https://networkradius.com/articles/2021/02/04/active-directory-with-FreeRADIUS.html, reference#2 https://networkradius.com/articles/2021/09/29/configure-authentication-with-active-directory.html). Freeradius version: 3.0.21.
Then I read "Authentication systems and protocol compatibility https://networkradius.com/articles/2021/10/08/authentication-system-and-protocol-compatibility.html" and "Authenticating Users with LDAP https://freeradius.org/documentation/freeradius-server/3.2.4/concepts/modules/ldap/authentication.html", so now I wonder whether I could also use LDAP(S) for the Authorization phase-only.
The doubt comes from the presence of the "identity" in mods-available/ldap.
Is that Identity used for the binding to AD? I guess so.
Thus, username/password of the user trying to authenticate are not involved in the LDAP binding. Am I wrong?
Is it worth to spend additional time to study how to setup LDAP Authorization? The primary goal is to read group membership but in future other needs may arise.
Thanks in advance for your time.
Pietro
More information about the Freeradius-Users
mailing list