You can't get cleartext password from AD, but you can extract encrypted (nt hashed) password as NT-Password with ldap. You will be able to authenticate pap and mschap requests with that.
Ivan Kalik Dana 14/8/2008, "Murray, Elizabeth [DNR]" <[EMAIL PROTECTED]> piše: >Thanks. Glad I didn't get this last night or I wouldn't have slept!!! > > >I will have multiple access points spread across a large geographic area that >will authenticate to a series of Radius servers located in the internal >network. Any other suggestions would be appreciated. I've got most of this >in my head so I need to do some writing. I'm here for 2 days then vacation. >I almost don't want to go because this has been such a frustrating task for me. > >Thanks again. Any more ideas would be appreciated. > >Liz M > >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Maurizio >Cimaschi >Sent: Wednesday, August 13, 2008 5:44 PM >To: FreeRadius users mailing list >Subject: Re: Freeradius in an AD environment on opensuse server > >Hi Liz, > >Murray, Elizabeth [DNR] wrote: >> Weâve moved from a Novell eDirectory solution to . . . . Active Directory. > >I'm not an AD expert, but they say ( >http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbg_dat_jhzx.mspx?mfr=true >) that AD is accessible using the LDAPv3 protocol; so it should be >possible to use it like any other LDAP server. > >> Can I set up freeradius to authenticate with ldaps and be secure? > >What do you mean with "to be secure" ? >Do you mean the connection between the radius server and the AD ? >Are you familiar with the SCHEMAs used in AD (I'm not, by the way) ? >Have you already planned the access rules that you will need on the AD >to complete the authentication/authorization procedure ? >(These are questions intented for yourself, in the first place). > >> The >> ldap would be Microsoft and is on my domain controller. I have >> websites using the ldap process but OR do I have to do that samba thing? > >First of all, I think that you should take a moment to put down the >architecture that you're working with (just to have a complete picture), >your goals and the expertise that is available to you and/or your >collegues/organization. Then, you can start planning your setup. > > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
