Re: FW: FreeRadius Authentication against AD or AD LDS (LDAP)
limacher david wrote:
> I'm looking for a solution to realize a FreeRadius Server, which can
> Authenticate against primary an AD and as second method against AD LDS
> (Lightweight Directory from Windows).

Follow this guide:

http://deployingradius.com/documents/configuration/active_directory.html

> We want for our WLAN, that in the Guest-Network employees can use their
> AD-Login (I already implemented that with ntlm_auth and it works) and
> also guests can use this network but their login should be in an AD LDS
> (LDAP), which can be edited by our reception. I would prefer not to
> store the password for the guests as Cleartext. Is this possible?
> How could I realize that with FreeRadius?

You don't. AD stores passwords in hashed form. And you *can't* get access to the passwords.

This is a limitation of AD, not FreeRADIUS.

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FW: FreeRadius Authentication against AD or AD LDS (LDAP)
On Tue, Jul 16, 2013 at 1:02 PM, limacher david wrote:
> Hello
>
> I'm looking for a solution to realize a FreeRadius Server, which can
> Authenticate against primary an AD and as second method against AD LDS
> (Lightweight Directory from Windows).
> We want for our WLAN, that in the Guest-Network employees can use their
> AD-Login (I already implemented that with ntlm_auth and it works) and also
> guests can use this network but their login should be in an AD LDS (LDAP),
> which can be edited by our reception. I would prefer not to store the
> password for the guests as Cleartext. Is this possible?
> How could I realize that with FreeRadius?
>

If you're asking "how can I store encrypted password in LDAP that is usable by MSCHAPv2", then you should be able to use nt-hash. One way to generate the password is to use FR's smbencrypt command line tool.

--
Fajar
FW: FreeRadius Authentication against AD or AD LDS (LDAP)
Hello

I'm looking for a solution to realize a FreeRadius Server, which can Authenticate against primary an AD and as second method against AD LDS (Lightweight Directory from Windows).

We want for our WLAN, that in the Guest-Network employees can use their AD-Login (I already implemented that with ntlm_auth and it works) and also guests can use this network but their login should be in an AD LDS (LDAP), which can be edited by our reception. I would prefer not to store the password for the guests as Cleartext. Is this possible?

How could I realize that with FreeRadius?

Thanks in advance
Dave