>> I'm very frustrated now after spending a couple of weeks trying to get
>> free radius to authenticate my Win2k machine accounts against active
>> directory. :-(
>
> Sorry, blame Microsoft. It isn't possible, but they don't make it
> obvious that it's not possible.
>
>> Alan, do you know of any way to get this working. I have been assured
>> that Funk can do this, have you any idea how Funk are doing it. Funk
>> costs too much. Maybe I'm not allowed to ask such questions.
>
> Funk does it by running the radius server on the AD server. At that
> point, they can use *internal* Windows API's or hacks to get at the
> data. Since FreeRADIUS is running externally, it can't use those
> API's, and thus won't work.
>
> FreeRADIUS *will* run on XP. If someone were to write the necessary
> code, you could run the server on XP, and do what Funk does.

It sounds to me like you're saying this is a server-side issue. Since AD
is available via LDAP, why couldn't this FreeRadius install just use
rlm_ldap to access the machine account info in AD?

The Microsoft side of things isn't my greatest strength, least of all the
AD/LDAP stuff, but it seems as though this *should* work. :-)

-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html