I have to believe that this topic has come up so frequently that most members of this list are sick of hearing about it... Unfortunately, my search of the archives did not result in a definitive answer for me - so I am compelled to bring up this question once again. Please forgive me.
Is it possible to have freeRADIUS communicate directly to an NT domain controller for the purpose of authenticating and/or authorizing users? Would migrating the NT domain to Active Directory open any additional options? This posting leads me to beleive that A.D. doesn't like to play nicely with anything that isn't licensed by micro$oft: --------------------------- http://www.mail-archive.com/[EMAIL PROTECTED]/msg19912.html > I looked briefly pam_smb, but as best as I could determine, it will > not work with AD. AFAIK, IAS is the only means to authenticate users to AD. I wonder why... Microsoft does supply an LDAP interface to AD, and it is possible to use it to do *some* kinds of authentication. But it's impossible to do anything other than PAP against AD, unless your name is "IAS". That's rude. --------------------------- I'd love to hear from others who have been faced with a similar challenge. Bryan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
