Hello Ivan,

Yes, it is an upcoming project. I would appreciate whatever help I get from you
or any reference to where I can get more information from.

We have our users on the aaaa.example.com domain and are in an eDirectory
environment. But our users are going to share a big part of the building with
another company who are a totally different domain controlled by Active
Directory. Our management wants us to create a RADIUS infrastructure so that a
user, irrespective of their company, plugs their laptop into an available socket
and gets put into the right domain and all the other network services based on
their login credentials.

Many Thanks,
Jas
Message: 4
Date: Thu, 23 Jul 2009 10:14:59 +0100 (BST)
From: "Ivan Kalik" <[email protected]>
Subject: Re: Freeradius With edirectory and Active directory
To: "FreeRadius users mailing list"
<[email protected]>
Message-ID:
<[email protected]>
Content-Type: text/plain;charset=utf-8
> Is it possible to have freeradius integrated in an environment with two
> totally different domains, one controlled by eDirectory and the other by
> Active Directory?
Yes. You will need to create two mschap instances (one with ntlm_auth and
one without) and failover in Auth-Type MS-CHAP.

    Auth-Type MS-CHAP {
        mschap_default {
            reject = 2
        }
        if (reject) {
            mschap_ad
        }
    }

Where mschap_default is a copy of the default mschap module while mschap_ad
has the ntlm_auth line enabled. This applies to AD + anything else (ldap, sql,
users file stored passwords). If you are going to have PAP requests as
well you should add failover to ntlm_auth after pap:

    # Auth-Type is a control attribute; set it only if pap left it unset
    if (!control:Auth-Type) {
        update control {
            Auth-Type := ntlm_auth
        }
    }

Is there interest for this? I can write a guide on how to combine
authentication of AD stored accounts with those stored elsewhere (ldap,
sql, users file).
Ivan Kalik
Kalik Informatika ISP
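
The two mschap instances and the PAP ntlm_auth module that the reply above refers to could be defined as follows. This is an added example, not part of the original post; the ntlm_auth path and the EXAMPLE domain name are assumptions, and the server must already be joined to the AD domain through Samba/winbind.

```conf
# Instance 1: copy of the stock mschap module. It checks the response
# against a password (NT-Password or Cleartext-Password) that an earlier
# module such as ldap retrieved from eDirectory.
mschap mschap_default {
	use_mppe = yes
	require_encryption = yes
	require_strong = yes
}

# Instance 2: same module, but the check is delegated to Active Directory
# through winbind. Reached only when mschap_default rejects the request.
mschap mschap_ad {
	use_mppe = yes
	require_encryption = yes
	require_strong = yes
	# Path is an assumption; adjust to where Samba installed ntlm_auth.
	ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}

# exec instance used for PAP requests when Auth-Type is set to ntlm_auth.
# The cleartext password is passed as a command-line argument here, so it
# is visible in the process list on the RADIUS host while the helper runs;
# restrict shell access to that host accordingly.
exec ntlm_auth {
	wait = yes
	# EXAMPLE is a placeholder for the AD domain name.
	program = "/usr/bin/ntlm_auth --request-nt-key --domain=EXAMPLE --username=%{mschap:User-Name} --password=%{User-Password}"
}
```

Both mschap instances keep require_encryption and require_strong enabled so that falling over to the AD check does not lower the MPPE requirements of the first instance.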