Moe, John wrote: > I'm trying to set up a FreeRADIUS server in our organization, and the > corporate preference is to run on Windows. I've got FreeRADIUS to compile > and have successfully completed the PAP test (from > http://deployingradius.com/documents/configuration/pap.html) to make sure it > works.
That's a bit of work. I haven't bothered trying that in a while. > Now I'm looking to set up Active Directory authentication. To do > that, all the documentation I've read is geared towards Linux servers > running Samba. From what I gather, it uses the ntlm_auth program to > authenticate to the Windows Active Directory, which returns "NT_KEY output, > which is needed in order for FreeRADIUS to perform MS-CHAP authentication." > > Is there a way I can do this on a Windows/Cygwin server? Not really, no. There isn't much point, either. The *correct* way to do it on Windows would be to use some Windows MS-CHAP APIs to authenticate (if those exist). There could be a Windows-specific MS-CHAP module. But that takes time. My $0.02: run a VMware image of Linux on the Windows box. FreeRADIUS doesn't need a whole lot of CPU power, so it shouldn't be a problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html