>My problem is that my windows box has no way of communicating with AD
>server to verify user credentials for initial login screen (reason for
>that is because switch port state is uncontrolled and no other but EAPOL
>traffic can pass through)
>Is there any way setting my windows box so that user gets authenticated
>against radius and then AD using single sign on without doing any hacks
>to MS GINA or stuff like that?

What does Windows box have to do with this? Enable port based authentication (802.1x) on the switch. Set it to use freeradius integrated with AD. Switch will pass credentials to freeradius and it will pass them to AD.

From what you are saying (only EAPOL can pass through the port) it is more-or-less set that way.

Ivan Kalik
Kalik Informatika ISP