Justin Steward wrote:
> Now, the stock standard way of authenticating against AD is using samba,
> joining the domain, and using NTLM Auth. Since I have multiple AD
> domains, how would this best be handled?
>
> I know that PHP is capable of using LDAP to authenticate against an AD
> server. Can freeRadius also do this? How, or why not?

ntlm_auth has a --domain parameter. It can be used to authenticate different domains.

However... they all need to be part of the same AD forest / whatever. You CANNOT authenticate to two completely independent AD systems. This is a fundamental limitation of AD.

Alan DeKok.
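
As an added illustration of the `--domain` approach described in the reply (not code from the original thread or from the FreeRADIUS project), the sketch below turns a `DOMAIN\user` login into `--domain`/`--username` arguments for ntlm_auth and refuses any domain outside a configured forest list. The domain names, the default domain and the sample logins are constructed placeholders.

```sh
#!/bin/sh
# Added example; the domain names and logins are constructed placeholders.
FOREST_DOMAINS="CORP SALES"   # NetBIOS names of domains in the one forest (assumed)
DEFAULT_DOMAIN="CORP"         # used when the login carries no domain prefix

# ntlm_auth_args LOGIN
# Prints the --domain/--username arguments for ntlm_auth, or returns 1 when
# the login is malformed or names a domain outside the forest list.
ntlm_auth_args() {
    login=$1
    case $login in
        *\\*\\*) return 1 ;;                                  # two separators
        *\\*)    domain=${login%%\\*}; user=${login#*\\} ;;   # DOMAIN\user
        *)       domain=$DEFAULT_DOMAIN; user=$login ;;       # bare user
    esac
    [ -n "$domain" ] && [ -n "$user" ] || return 1
    # Allow only a conservative character set in both parts.
    case $domain$user in
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    # Compare domain names case-insensitively by upper-casing the input.
    domain=$(printf '%s' "$domain" | tr '[:lower:]' '[:upper:]')
    case " $FOREST_DOMAINS " in
        *" $domain "*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "--domain=$domain --username=$user"
}

# Demo over constructed logins; prints the command line that would be used.
for l in 'alice' 'sales\bob' 'OTHER\eve'; do
    if args=$(ntlm_auth_args "$l"); then
        printf 'ntlm_auth --request-nt-key %s\n' "$args"
    else
        printf 'rejected: %s\n' "$l"
    fi
done
```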