Re: 4 questions regarding possibilities of radius.

2004-11-13 Thread Magnus Påhlsson
Alan DeKok wrote: So what needs to be done to be able to use EAP with an AD-backend? You can't do it. As in, it can't be done with FreeRadius or as in, it can't be done with any open source radius daemons? Would an AD <-> IAS <-> FreeRadius proxy work? Magnus

Re: 4 questions regarding possibilities of radius.

2004-11-13 Thread Magnus Påhlsson
Not really. For many situations, AD is just another LDAP server, and can be configured as such. The problem is that if you're doing EAP, CHAP, or MS-CHAP, you can't really use AD. So what needs to be done to be able to use EAP with an AD-backend? Can I use kerberos as authentication but till

Re: LDAP errors with a win2003 active directory

2004-11-13 Thread Magnus Påhlsson
Michael Griego said (04-11-12 17:11): If you use the ldapsearch utility to perform the same search the FreeRADIUS server is doing, what does it return? I'm wondering if your AD tree isn't using LDAP referrals in there somewhere... ldapsearch works just fine no matter what I set basedn to (as oppos

radwho not showing users logged on to HP switches

2004-11-12 Thread Magnus Påhlsson
I've configured sql and radutmp accounting and everything works just fine with my cisco switches. Logged on users are available using radwho and radlast. The same is not true for HP switches though. Here's what a HP26xx switch sends when a user logs on: rad_recv: Accounting-Request packet from h

Re: LDAP errors with a win2003 active directory

2004-11-12 Thread Magnus Påhlsson
Magnus Påhlsson said (04-11-10 19:24): Here's an interesting problem. I got ldap authentication working but ONLY as long as I have ldap_debug = 0x. Configuration as follows: If I change basedn to the exact path of the ou where the user objects are stored (ou=someOU,ou=someOtherOu,dc=d

Re: list-related suggestion

2004-11-10 Thread Magnus Påhlsson
Samuel, A suggestion for whoever maintains the list...perhaps adding an identifying tag to the subject lines of list messages? Something like [freeradiuslist] or some-such. Something to make the emails from the list easier to identify, and in turn filter to a dedicated folder. while I agree that

LDAP errors with a win2003 active directory (WAS: Re: 4 questions regarding possibilities of radius.)

2004-11-10 Thread Magnus Påhlsson
1) Authentication against two different AD-forests (two different realms) using 4 domain controllers (2 per realm). I've tried getting freeradius to authenticate using the LDAP module but after a short while I gave up and instead configured PAM-support and the libpam-ldap module. Does anyone kn

4 questions regarding possibilities of radius.

2004-11-07 Thread Magnus Påhlsson
Hi, list. I'm rather new to FreeRadius and before I spend a lot of time trying to get things working I figured it would be good to ask more knowledgeable people if what I need is even possible. 1) Authentication against two different AD-forests (two different realms) using 4 domain controllers (2