Guy Davies wrote:
The other alternative is to use a third party 802.1x supplicant with a
decent GINA module. This behaves *exactly* as you want. It accepts the
users' credentials at the windows login, stops the windows login process,
logs the user into the network, then returns control to windows to login the
user to the AD. I've been doing this with EAP-TTLS/PAP to an AD backend
with LDAP (no NTLM :-) for a while.
Sure, though there's typically cost (sometimes money, sometimes just
time) and of course the need for custom software there.
Are you using a for-pay one, or are they any good free ones these days?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
