Thanks for the quick reply and your help. Setting up IAS/NPS is not a problem. Assuming this is set up on the AD box, can we simply terminate PEAP type connections or connections for a certain realm at their IAS/NPS instead of at radiusd?

That is to say, all we want freeradius to do is recognize a certain trigger and simply send the connection to IAS/AD for the entire authentication and authorization process. We do not want to use samba and ntlm_auth if such a thing is feasible for TTLS/MSCHAP; we simply want the entire radius access-request from the NAS to go through to their IAS from us.

Sincerely,
Max

Ivan Kalik wrote:
What we are wondering is if it's possible to still have requests come
through to our freeradius box, and instead of providing the certificate
and proxying the contents of the inner tunnel to the AD box.. if it's
possible to simply proxy the entire request, PEAP/MSCHAP and all
directly to their AD servers?  They are hesitant to allow our freeradius
box to join the domain, and if it's doable, a workaround would be the
preferred route.

No, domain controller is not a radius server. They would need to set up
IAS. Freeradius can proxy to that thing.

Ivan Kalik
Kalik Informatika ISP
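
The realm-based proxying discussed in this thread, as an added example that is not part of either poster's message: a proxy.conf fragment in FreeRADIUS 2.x-style syntax that hands the whole Access-Request, EAP-Message attributes included, to an IAS/NPS home server, so the PEAP tunnel terminates there and the FreeRADIUS box needs neither a domain join nor ntlm_auth. The realm name, server names, address and secret are placeholders chosen for illustration.

```conf
# proxy.conf (added example; every name and value below is a placeholder)

# The IAS/NPS instance that will terminate PEAP and check AD credentials.
# The FreeRADIUS box must be defined there as a RADIUS client with the
# same shared secret.
home_server nps_example {
        type   = auth
        ipaddr = 192.0.2.10          # documentation address, replace
        port   = 1812
        secret = REPLACE_WITH_LONG_RANDOM_SECRET
}

home_server_pool nps_example_pool {
        type        = fail-over
        home_server = nps_example
}

# Trigger: any User-Name of the form user@ad.example.org.
# The "suffix" realm module must be listed in the authorize section of the
# virtual server so that it sets Proxy-To-Realm for matching requests.
realm ad.example.org {
        auth_pool = nps_example_pool
        nostrip                      # forward User-Name unchanged, realm included
}
```

With EAP the realm is matched on the outer identity, so clients that send an anonymous outer identity still need to include the realm (for example anonymous@ad.example.org) for the request to be routed. The shared secret is the only protection on the FreeRADIUS-to-NPS hop, so it should be long and random and the path between the two servers should be restricted.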

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html