Hi, list.
I'm rather new to FreeRADIUS, and before I spend a lot of time trying to get things working I figured it would be good to ask more knowledgeable people if what I need is even possible.
1) Authentication against two different AD forests (two different realms) using 4 domain controllers (2 per realm). I've tried getting FreeRADIUS to authenticate using the LDAP module, but after a short while I gave up and instead configured PAM support and the libpam-ldap module. Does anyone know of an AD+FreeRADIUS-specific mini-howto?
2) Would be good to have the possibility of using Realm+Group membership to determine which properties should be passed along to the NAS. The reason for this is that the realms might have groups and/or users with identical names but not necessarily the same rights.
3) Configure Cisco 3000 series concentrator, Cisco Catalyst switches and HP ProCurve switches to use RADIUS for telnet/ssh login, dot1x authentication and dynamic VLAN assignment. All this is of course possible, but if implemented as question 1 suggests, will everything work transparently for the NASes, seeing as they themselves cannot be made aware of the different realms?
4) Is it possible to get everything working without modifying the LDAP schema? My Windows admin loses sleep over the thought of schema modification...
All answers and any pointers are much appreciated.
Regards, Magnus