Hello Ivan,

Yes, it is an upcoming project. I would appreciate whatever help I get from you 
or any reference to where I can get more information from.
We have our users on the aaaa.example.com domain and are in an eDirectory 
environment. But our users are going to share a big part of the building with 
another company who are a totally different domain controlled by Active 
Directory. Our management wants us to create a RADIUS infrastructure so that a 
user, irrespective of their company, plugs their laptop into an available socket 
and gets put into the right domain and all the other network services based on 
their login credentials. 

Many Thanks,
Jas


Message: 4
Date: Thu, 23 Jul 2009 10:14:59 +0100 (BST)
From: "Ivan Kalik" <t...@kalik.net>
Subject: Re: Freeradius With edirectory and Active directory
To: "FreeRadius users mailing list"
    <freeradius-users@lists.freeradius.org>
Message-ID:
    <53179.194.176.105.44.1248340499.squir...@webmail.kalik.net>
Content-Type: text/plain;charset=utf-8

> Is it possible to have freeradius integrated in an environment with two
> totally different domains, one controlled by edirectory and the other by
> active directory?

Yes. You will need to create two mschap instances (one with ntlm_auth and
one without) and failover in Auth-Type MS-CHAP.

Auth-Type MS-CHAP {
     mschap_default {
          reject = 2
     }
     if(reject) {
          mschap_ad
     }
}

Where mschap_default is a copy of the default mschap module while mschap_ad
has the ntlm_auth line enabled. This applies to AD + anything else (ldap, sql,
users file stored passwords). If you are going to have pap requests as
well you should add failover to ntlm_auth after pap:

# Auth-Type lives in the control list, so test it there
if(!control:Auth-Type) {
     update control {
          Auth-Type := ntlm_auth
     }
}

Is there interest for this? I can write a guide on how to combine
authentication of AD stored accounts with those stored elsewhere (ldap,
sql, users file).

Ivan Kalik
Kalik Informatika ISP
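
The two mschap instances described in the reply above, written out as an added example (not part of the original message and not the FreeRADIUS project's shipped configuration). It assumes the FreeRADIUS 2.x mschap module options; /path/to/ntlm_auth is a placeholder, and the mschap_ad xlat prefix is assumed to follow the instance name.

```conf
# raddb/modules/mschap  (FreeRADIUS 2.x layout assumed)

# Instance 1: plain copy of the stock module, no ntlm_auth.
# It checks the MS-CHAP response against an NT-Password or
# Cleartext-Password that ldap, sql or the users file has already
# placed in the control list (the eDirectory / local accounts).
mschap mschap_default {
        use_mppe = yes
        require_encryption = yes
        require_strong = yes
}

# Instance 2: same options, with the ntlm_auth line enabled.
# The challenge and response are handed to Samba's ntlm_auth helper,
# so the Active Directory domain controller makes the decision and
# no AD password hash is ever held by the RADIUS server.
mschap mschap_ad {
        use_mppe = yes
        require_encryption = yes
        require_strong = yes

        # Assumption: the %{...:Challenge} / %{...:NT-Response}
        # expansions are registered under the instance name, so they
        # are written as mschap_ad here rather than mschap.
        # Replace /path/to/ntlm_auth with the real helper path.
        ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap_ad:Challenge:-00} --nt-response=%{mschap_ad:NT-Response:-00}"
}
```

With this ordering every request that mschap_default rejects is retried against AD, so a mistyped password on a non-AD account also shows up as a failed logon attempt on the domain controller if the same username exists there.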


