hi,
i suggest EAP/PEAP MS-CHAPv2 with ntlm authentication.
bye
Frank Smith wrote:
Thanks for all your replies. This is simply to do 802.1x
authentication. Nothing to do with wireless. This is my first whack
at radius all together. Based on what you guys are saying, it sounds
like Radius -> Pam -> Pam-LDAP -> Active Directory sounds like the way
to go. Any objections?
On 5/8/06, *Phil Mayers* <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
Frank Smith wrote:
> I am running AD in native mode. By my ancient understanding of
samba, I
> cannot join this domain.
That is not correct, and is indeed ancient. Samba 3 can join an AD
native-mode domain. See the massive quantity of docs include with
samba.
Once in the domain, the winbind daemon can be started and the
ntlm_auth
helper used to answer MS-CHAP requests.
> I can authenticate using ldap, no? Also, is
LDAP can only service PAP requests. If you want PAP, LDAP works fine.
If you want to do e.g. wireless authentication with PEAP/MS-CHAP or
dialup using MS-CHAP, you must join the domain.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
------------------------------------------------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
