"Kenneth Mix" <[EMAIL PROTECTED]> wrote: > For administrative users and script users I am using system > authentication. For lower-level users, I would like to authenticate > them via Active Directory, while still authorizing them via > freeradius.
That should be trivial to do. > I initially set this up using realms and proxying the request to an IAS > server on our AD domain controller, but I was not able to find any way > to assign attribute values to users within the realm. I don't understand what you mean by that. The server allows you to check for the existence of any attribute in a packet, and to respond with any other attribute. It even allows you to check for a realm, and to respond with realm-specific attributes. > The only other way I can think of to authenticate users off of AD > while authorizing them via freeradius is to use PAM authentication > with the pam_radius_auth module. I don't see why. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html