I'm sorry, I should have been more specific. I have multiple Cisco access servers (AS5300/AS5350/AS5400) and some are in one pool of users, some are in another, and some are in still another. I think about 5 different pools.
So kind of imagine a tree of sorts. The leaves/branches are the Cisco ASXXXX servers, they go back and authenticate to a Linux server with Free Radius. The Linux/FreeRADIUS server then ultimately authenticates the users back to an AD server. But the different pools need different policies, etc. for connect time, and so forth. Does this make it clearer? I apologize if I was too confusing before. Or is there a way to get away from multiple realms given my situation? Oh, and I need to have separate accounting logs for each pool also. Meaning, I can't have everything accounted into the same file. Each pool would need to have separate accounting logs. Would it make sense to authenticate to the AD via RADIUS as well? Or just use LDAP? I'm curious, why won't chap work? I really don't care if MS-CHAP breaks, we have never supported it here in the past. But it strikes me as odd that it would break CHAP. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alan DeKok Sent: Wednesday, November 19, 2003 11:12 AM To: [EMAIL PROTECTED] Subject: Re: Multiple realm authentication with FreeRADIUS back to Active Directory? "Heiden, John" <[EMAIL PROTECTED]> wrote: > I am assuming I need to somehow have FreeRADIUS add a realm > to the incoming information first, then pass that back to the > Active Directory server? Are you using FreeRADIUS to put the users into different realms, or are the users logging in with different realms? You said you need multiple realms, but you haven't said *why*. > Second, what is the best way to authenticate to an AD? FreeRADIUS can use it as an LDAP server, but CHAP & MS-CHAP won't work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
