Frankly, running Free Radius on windows sounds like a bad idea, especially should you ever need to update it or have another person (maybe 5 years down the road) change it a bit. Generally, running server process under cygwin is a lot of extra work for not much convenience. I would suggest either running it on a linux server (and documenting everything you do) or running a different RADIUS server that natively runs on windows.
On Wed, Feb 9, 2011 at 9:36 PM, Moe, John <j...@hatch.com.au> wrote: > I'm trying to set up a FreeRADIUS server in our organization, and the > corporate preference is to run on Windows. I've got FreeRADIUS to compile > and have successfully completed the PAP test (from > http://deployingradius.com/documents/configuration/pap.html) to make sure it > works. Now I'm looking to set up Active Directory authentication. To do > that, all the documentation I've read is geared towards Linux servers > running Samba. From what I gather, it uses the ntlm_auth program to > authenticate to the Windows Active Directory, which returns "NT_KEY output, > which is needed in order for FreeRADIUS to perform MS-CHAP authentication." > > Is there a way I can do this on a Windows/Cygwin server? I tried to get > Samba to compile and install to test if it'd work on a Windows server, but > it needed Kerberos to talk to AD, and Kerberos didn't seem to want to > compile without shared libraries, which apparently Cygwin doesn't support. > Does anyone know any other programs that can be used to provide this > authentication mechanism, that also run on Windows? Or do I need to do this > on a Linux server? > > I've tried to Google for the answers to this without luck. Any help or > pointers would be appreciated. Thanks. > > John H. Moe > Network Support - Hatch IT > HATCH > Tel: +61 (7) 3166 7777 > Direct: +61 (7) 3166 7684 > Fax: +61 (7) 3368 3754 > Mobile: +61 438 772 425 > 61 Petrie Terrace, Brisbane, Queensland Australia 4011 > > ***************************** > NOTICE - This message from Hatch is intended only for the use of the > individual or entity to which it is addressed and may contain information > which is privileged, confidential or proprietary. > Internet communications cannot be guaranteed to be secure or error-free as > information could be intercepted, corrupted, lost, arrive late or contain > viruses. By communicating with us via e-mail, you accept such risks. When > addressed to our clients, any information, drawings, opinions or advice > (collectively, "information") contained in this e-mail is subject to the > terms and conditions expressed in the governing agreements. Where no such > agreement exists, the recipient shall neither rely upon nor disclose to > others, such information without our written consent. Unless otherwise > agreed, we do not assume any liability with respect to the accuracy or > completeness of the information set out in this e-mail. If you have received > this message in error, please notify us immediately by return e-mail and > destroy and delete the message from your computer. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Random quote of the week/month/whenever i get to updating it: "Quis custodiet ipsos custodes?": "who shall watch the watchers themselves?" - Juvenal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
