RE: freeRADIUS and Microsoft Active Directory

Thu, 12 Aug 2004 15:35:58 -0700

Title: Message
Have you tired to integrate eap along with AD  on FreeRADIUS.
 
--kp
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, August 12, 2004 5:30 PM
To: [EMAIL PROTECTED]
Subject: AW: freeRADIUS and Microsoft Active Directory

Hello Hugo,
 
there is no problem to use FR with AD.
 
here is an example:
 
        ldap {
                server = your.ad.server.org
                identity = "(some user, you dosnt need a special one, i createt one only for asking ad. I have choosen the user principal name)"
                password= (the password)
                basedn = "dc=your,dc=company,dc=org"
                # here you have to choose the filter, i use the UserPrincipalName but you can choose something else to
                filter = "(UserPrincipalName=%u)"
 
                # set this to 'yes' to use TLS encrypted connections
                # to the LDAP database by using the StartTLS extended
                # operation.
                # The StartTLS operation is supposed to be used with normal
                # ldap connections instead of using ldaps (port 689) connections
                start_tls = no
 
                # Mapping of RADIUS dictionary attributes to LDAP
                # directory attributes.
                dictionary_mapping = ${raddbdir}/ldap.attrmap
 
                ldap_connections_number = 5
                #if you want to check if the user is in a special group you can use this
                groupmembership_filter = "(member=%{Ldap-UserDn})"
                timeout = 4
                timelimit = 3
                net_timeout = 1
        }
in the authorize and the authentication section you have to uncomment the ldap entry.
 
 
Your usersfile shold look like this:
 
DEFAULT         Ldap-Group == (groupname to check for), Auth-Type := LDAP
                        Fall-Through = no
 
Good Luck
 
Markus
-----Urspr�ngliche Nachricht-----
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Hugo Sousa
Gesendet: Donnerstag, 12. August 2004 10:44
An: [EMAIL PROTECTED]
Betreff: freeRADIUS and Microsoft Active Directory

Hi all,

Did any of you guys already configured a freeRADIUS with Microsoft Active Directory?

I know that is possibile to configure "FR" with LDAP, so, I think that it's also possible to do it with AD.

If you could reply me with some example of the .conf files to this particular situation, that would be just great! :-)

Thanls.
 
Best regards,
 
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal

Reply via email to