Thanks for all your replies.  This is simply to do 802.1x authentication.  Nothing to do with wireless.  This is my first whack at radius all together.  Based on what you guys are saying, it sounds like Radius -> Pam -> Pam-LDAP -> Active Directory sounds like the way to go.  Any objections?

On 5/8/06, Phil Mayers <[EMAIL PROTECTED]> wrote:
Frank Smith wrote:
> I am running AD in native mode.  By my ancient understanding of samba, I
> cannot join this domain.

That is not correct, and is indeed ancient. Samba 3 can join an AD
native-mode domain. See the massive quantity of docs include with samba.
Once in the domain, the winbind daemon can be started and the ntlm_auth
helper used to answer MS-CHAP requests.

>  I can authenticate using ldap, no?  Also, is

LDAP can only service PAP requests. If you want PAP, LDAP works fine.

If you want to do e.g. wireless authentication with PEAP/MS-CHAP or
dialup using MS-CHAP, you must join the domain.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to