What is the best way to authenticate users against Active Directory via Freeradius? Is it with ntlm_auth or LDAP? My scenario is to authenticate our VPN users (using Cisco VPN clients and VPN concentrators) to authenticate against AD via radius.

Somebody mentioned that if MSCHAP is not used during the process that ntlm_auth is overkill. Does that mean it will not work? But, if it does work, how do I go about doing it?

If ntlm_auth is not a viable solution, how about LDAP? In this case, will I need to install AD4UNIX or Microsoft's services for Unix to extend the schema of our Active Directory? And have the Administrator's BaseDN and password hard coded in the ldap.conf file so searches would be possible?

Hopefully, someone out there has done this and could provide some pointers...

Thanks in advance

Robert Graham

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

