Well, I have another angle I will be attacking the problem from on the weekend. I will be installing and configuring OpenLDAP on my Linux server, making it replicate the ADS 2003 server, then following the gentoo-wiki's Freeradius and OpenLDAP implementation howto.
So the modified layout plan:

client -> cisco wap -> linux + fr -> linux + openldap -> windows 2003 ADS

At least this way I will have two LDAP implementations to test against; whichever works first becomes the default solution :).

I do understand that the Novell eDirectory works very nicely (Novell's LDAP implementation), but due to pricing issues it will be left until the last option. I would like to say, though, Novell generally has excellent support.

On 4/27/07, Jacob Jarick <[EMAIL PROTECTED]> wrote:
> I have been at this for a while now, so I thought I would share a
> summary of what I have figured out so far for anyone else that decides
> to try this.
>
> 1 - Documentation for this particular configuration is either out of
> date / incomplete / both. There are no howtos that will get from start
> to end (if you do know of one or wrote one yourself please share - I
> will myself when I figure it all out).
>
> 2 - Most of the trouble is due to the fact we are making a linux service
> talk to a windows service (AD LDAP). Freeradius talking to the linux
> passwd file is a breeze by comparison.
>
> 3 - Windows 2003 LDAP implementation will not provide a password when
> a user / service performs an ldap search; the proper way, if I understand
> correctly, is to supply plain text username / password, then freeradius
> performs a bind with the provided credentials against your ADS server;
> success means the password was correct.
>
> 4 - Installing "Services For Unix" on 2003 will make AD LDAP provide a
> password hash attribute among other unix LDAP attributes. The user has
> to have posix enabled.
>
> 5 - Anonymous searches can be performed on 2003 AD LDAP if you set
> dSHeuristics to 0000002 using adsiedit.msc.
>
> 6 - Microsoft's LDAP is different to Novell's (big surprise) and so
> unfortunately their documentation isn't too helpful as a reference for
> people trying to use ADS in the same fashion.
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html