On Wed, 2005-08-17 at 22:25 +0300, Sergey Poznyakoff wrote:
> Derrick MacPherson <[EMAIL PROTECTED]> wrote:
>
> > Server: Windows 2000 server - all accounts are in AD.
>
> 'AD' means 'active directory', doesn't it?

Yes, Sergey, sorry for being lazy in my typing.

> > - Authentication is determined by membership in a group from the AD,
> >   and several machines are allowed to bypass based on IP.
> > - Cisco PIX firewall that's talking to a Windows 2000 RADIUS
> >   server. (which I want to replace)
>
> The main problem will be for your radius to access AD. If there is a PAM
> module that is able to do so, you can use it.

ntlm_auth can access the info, I've got squid doing so using:

auth_param ntlm program /usr/local/bin/ntlm_auth \
--helper-protocol=squid-2.5-ntlmssp --require-\
membership-of=S-1-5-21-1058564242-1277044956-825688854-1337\
Domain Group (2)
auth_param basic program /usr/local/bin/ntlm_auth \
--helper-protocol=squid-2.5-basic

Is there a way for gnu-radius to interpret that data?

_______________________________________________
Help-gnu-radius mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnu-radius
