-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday, 15 March 2005 23:02, Mark Wasmer wrote:
> Hello FreeRADIUS-users,
>
> I have to set up a FreeRADIUS-server to authenticate notebooks and PCs
> (Win2000, WinXP, Linux) via the existing Windows-NT PDC (will be
> replaced with Server2003 sometime) and add them to their matching VLAN
> (using HP 2524-switches).
> Can someone give me a few hints what might be the best way to do this ?
> Through the lack of consistent documentation I can't see how to move on.
>
> The urgent questions in detail :
>
> 1. The Windows-NT server is not allowed to deliver plaintext-passwords,
> so which authentication-protocol should be used ? EAP-MD5 would be fine,
> but does it work without plaintext-passwords ?

EAP/MD5 is the only way for WinNT as far as I know. MD5 hash is transferred
over the net, so no plaintext passwords on the line.

>
> 2. How to get the passwords from the PDC at all ? I've read about
> rlm_smb (but is not included in the used Debian-Sarge-packet),
> ntlm_auth, winbindd, PAM_winbind and the SMB-Method described in the
> experimental.conf *puh* ???

SMB experimental yes.

>
> 3. If the things above work, how to define which user belongs to which
> VLAN and get RADIUS to tell this to the authenticator ?

Well, I could not imagine how WinNT could deliver VLANs since this
information is not stored in WinNT user profiles. Perhaps you have to use
realms to link user groups to VLANs. Only the username part is forwarded to
WinNT. The username could look like [EMAIL PROTECTED]

> 4. And finally - how to set up a centralized/convenient administration
> method for the whole thing which makes it easy to add/delete users ?

No chance since dialupadmin does not work with SMB. You always have to set up
two admin systems: One for WinNT, one for Radius.

The better way would be to use directly the AD from Win2003. It should be
possible to store VLAN information in AD with a scheme extension. Freeradius
can operate together with AD. Management from AD.

<private>
I can also be reached directly at the address below!
</private>

- --
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn
misch at multinet punkt de
Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCN+yxqndXpO3Yl5sRAskpAKCRy91N5pY+jfeJXrp1dPQGmO3BGwCgi28L
1JpLerb/KjnJypWy6/0aepg=
=ot06
-----END PGP SIGNATURE-----

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
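The EAP-MD5 exchange discussed in this thread, as an added example that is not part of the original message: the peer answers a random challenge with MD5(Identifier || secret || Challenge), as defined for CHAP in RFC 1994 and reused by EAP MD5-Challenge in RFC 3748, and the verifier recomputes the same digest from its stored copy of the secret. Function names and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import os


def md5_challenge_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Response value for EAP MD5-Challenge: MD5(Identifier || secret || Challenge)."""
    if not 0 <= identifier <= 255:
        raise ValueError("EAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def new_challenge(length: int = 16) -> bytes:
    """Fresh random challenge; a new one per attempt is what defeats replay."""
    return os.urandom(length)


def verify_response(identifier: int, stored_secret: bytes,
                    challenge: bytes, response: bytes) -> bool:
    """Verifier side: recompute the digest from the stored secret and compare.

    The recomputation takes the secret itself as MD5 input, so the verifier
    must hold it in a form it can feed to MD5 together with the challenge.
    """
    expected = md5_challenge_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = b"constructed-sample-password"   # constructed sample value
    ident = 7                                   # constructed EAP Identifier
    challenge = new_challenge()
    response = md5_challenge_response(ident, password, challenge)
    return {
        # Only the challenge and the 16-byte digest cross the network.
        "password_on_wire": password in (challenge + response),
        "accepted": verify_response(ident, password, challenge, response),
        "wrong_password_rejected":
            not verify_response(ident, b"wrong-guess", challenge, response),
        # An old response does not match a fresh challenge.
        "replay_rejected":
            not verify_response(ident, password, new_challenge(), response),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```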

