Allister Maguire writes:
>
> We do it for our ISP, we use rlm_ldap for authorisation and rlm_pam for
> authentication (using Kerberos), works great. We have created our own
> ldap schema attributes, but you can use the Microsoft ones. One thing,
> because we use kerberos it also requires the use of nss_ldap for user
> lookup, the best option for you would be to use rlm_ldap for
> authorisation and authentication.

I would think it would also be important to configure rlm_ldap to use TLS, lest plain text passwords be sent from the FreeRADIUS server to the Active Directory Server in the simple password LDAP authentication method rlm_ldap uses.
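
An added example, not part of the original thread: a small Python check of an rlm_ldap module block for the TLS protection the reply calls for, run against a weak and a hardened configuration. It assumes FreeRADIUS 3.x `mods-available/ldap` syntax (`start_tls` and `require_cert` inside a `tls` section), which the thread does not specify, and it also flags missing certificate verification; hostnames and paths are constructed.

```python
import re

# Constructed samples in FreeRADIUS 3.x mods-available/ldap syntax (assumed
# version; hostnames and paths are placeholders, not taken from the thread).
WEAK = """
ldap {
    server = 'dc1.example.org'
    port = 389
    base_dn = 'dc=example,dc=org'
}
"""
HARDENED = """
ldap {
    server = 'dc1.example.org'
    port = 389
    base_dn = 'dc=example,dc=org'
    tls {
        start_tls = yes
        ca_file = /etc/raddb/certs/ad-ca.pem
        require_cert = 'demand'
    }
}
"""

def settings(text):
    """Collect key = value pairs, ignoring comments, braces and quoting."""
    pairs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        m = re.match(r"\s*(\w+)\s*=\s*['\"]?([^'\"]*?)['\"]?\s*$", line)
        if m:
            pairs[m.group(1)] = m.group(2)
    return pairs

def audit(text):
    """Return findings that leave the LDAP simple bind exposed on the wire."""
    cfg = settings(text)
    findings = []
    encrypted = (cfg.get("server", "").lower().startswith("ldaps://")
                 or cfg.get("start_tls", "no").lower() == "yes")
    if not encrypted:
        findings.append("bind password sent in clear: no ldaps:// and no start_tls")
    if cfg.get("require_cert", "").lower() != "demand":
        findings.append("server certificate not verified: require_cert is not 'demand'")
    return findings

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(sample) or "ok")
```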
