Cool Man wrote:
| Hi,
|
| Active Directory works with freeradius through, but if
| you want to use it within an 802.1x/EAP environment it
| won't work, because you have to get the NT passwords out
| of Active Directory. Active Directory doesn't
| support this, as far as I have come to know.
|

Suggestion: look at getting rlm_krb5 to work. If you want an example config:

/etc/krb5.conf:

--- begin ---
[logging]
 default = FILE:/var/log/krb5libs.log
 default = SYSLOG
 kdc = FILE:/var/log/krb5kdc.log
 kdc = SYSLOG
 admin_server = FILE:/var/log/kadmind.log
 admin_server = SYSLOG

[libdefaults]
 ticket_lifetime = 24000
 default_realm = DOMAIN.ORG
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 DOMAIN.ORG = {
  kdc = 1.2.3.4:88
  admin_server = 1.2.3.4
 }

[domain_realm]
 .telsource.net = DOMAIN.ORG
 telsource.net = DOMAIN.ORG

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = true
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
   addressless = true
 }
--- end ---

then, in radiusd.conf:

modules {

        krb5 {
                service_principal = DOMAIN.ORG
        }

}

authenticate {
        #
        # krb5 / kerberos
        #
        krb5
}

/etc/users:

DEFAULT Auth-Type = Kerberos
        Fall-Through = 1

| Is there any solution to this.
|
| Thanks,
| Raza.
|
| --- Thomas Lasswell <[EMAIL PROTECTED]> wrote:
|
|>Yes, you can do this, you have to use LDAP to integrate the two, and
|>I've included a link that might be of some use...
|>
|>LDAP (Incorporates radius server with AD Authentication)
|>http://www.siliconvalleyccie.com/linux-adv/ldap.htm
|>
|>--
|>Thomas Lasswell
|>http://www.graphinesystems.com
|>[EMAIL PROTECTED]
|>[EMAIL PROTECTED]
|>
|>On Wed, 20 Oct 2004 05:36:46 -0700 (PDT), Cool Man <[EMAIL PROTECTED]> wrote:
|>
|>>Hi,
|>>
|>>I would like to know if freeradius works with Active
|>>Directory. If so, how can I configure it?
|>>
|>>Secondly, I want to use Active Directory for
|>>802.1x/EAP authentication. Is there any possibility to
|>>establish this task?
|>>
|>>Thanks,
|>>Raza.
|>>
|>>-
|>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
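A consistency check for the krb5.conf shown in the message, as an added example that is not part of the original post: with dns_lookup_kdc set to false, as in that config, the default realm and every [domain_realm] target must have a [realms] stanza that lists a kdc, or the Kerberos library cannot find a KDC. The function names and the embedded sample (a trimmed copy of the posted config) are assumptions of this example.

```python
import re
# Constructed sample: a trimmed copy of the krb5.conf posted in the message.
SAMPLE = """\
[libdefaults]
 default_realm = DOMAIN.ORG
 dns_lookup_kdc = false
[realms]
 DOMAIN.ORG = {
  kdc = 1.2.3.4:88
 }
[domain_realm]
 .telsource.net = DOMAIN.ORG
"""
FALSE_VALUES = {"n", "no", "false", "nil", "0", "off"}  # MIT krb5 spellings of false

def parse_krb5_conf(text):
    """Parse sections, relations and { } subsections into nested dicts."""
    conf, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        section = re.fullmatch(r"\[(\w+)\]", line)
        if section:                           # new top-level section
            stack = [conf.setdefault(section.group(1), {})]
        elif line == "}" and len(stack) > 1:  # close a subsection
            stack.pop()
        elif "=" in line and stack:
            key, val = (s.strip() for s in line.split("=", 1))
            if val == "{":                    # open a subsection
                stack.append(stack[-1].setdefault(key, {}))
            else:                             # relations may repeat: keep all
                stack[-1].setdefault(key, []).append(val)
    return conf

def check_realms(conf):
    """With DNS KDC lookup off, every referenced realm needs a [realms] kdc."""
    lib, realms = conf.get("libdefaults", {}), conf.get("realms", {})
    if lib.get("dns_lookup_kdc", ["true"])[0].lower() not in FALSE_VALUES:
        return []  # KDCs may be located through DNS SRV records instead
    referenced = {"default_realm": lib.get("default_realm", ["(unset)"])[0]}
    for domain, targets in conf.get("domain_realm", {}).items():
        referenced[f"[domain_realm] {domain}"] = targets[0]
    problems = []
    for source, realm in referenced.items():
        stanza = realms.get(realm)
        if not (isinstance(stanza, dict) and stanza.get("kdc")):
            problems.append(f"{source} -> {realm}: no kdc in [realms]")
    return problems
```

Calling check_realms(parse_krb5_conf(open("/etc/krb5.conf").read())) returns an empty list when the realm references are consistent.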