Hi, I'm using FreeRADIUS 2.1.7 on RHEL 5.6.
My AD admins recently upgraded from Win2k3 to Win2k8r2. As a result, this broke compatibility with Samba 3.0.x--so I was forced to upgrade to Samba 3.5.x to resolve those issues. To further complicate things, I use Likewise Enterprise to provide AD integration--for compatibility with Samba 3.5.x, I had to upgrade from Likewise 5.x to 6.0. While Samba 3.5 and Likewise 6 fixed the problems authenticating against Win2k8r2, Likewise removed support for Samba/Winbind in their 6.x series product (they included full support for Samba/Winbind in their 5.x series product)--they now use their own libraries to provide "winbind" functionality. The result of this is that the Samba-included ntlm_auth no longer works (and Likewise doesn't provide a comparable replacement)--since my FreeRADIUS install was using ntlm_auth for AD authentication and authorization, it is no longer working. So I'm looking at alternate ways of authenticating against Win2k8r2. I was hoping to get some input from the list regarding this. The FreeRADIUS server is fully configured (via Likewise Enterprise) to authenticate against AD using Kerberos. Authorization is also provided by Likewise Enterprise through other libraries. Both authentication and authorization function properly at the OS level and it integrates well with PAM and anything that can use Kerberos for authentication--so you can do things like log into the server via SSH using AD credentials. I currently only use FreeRADIUS to provide access to VPN clients--the VPN server is a Cisco ASA. I am also working on a Cisco Aironet deployment that will use FreeRADIUS, though this hasn't been configured yet (I'm in the early stages of that deployment). I don't really care if authorization is local or via AD, but I would definitely like authentication to occur via AD. So barring ntlm_auth, is there a good/better/best way of connecting FreeRADIUS to AD? PAM? Kerberos? LDAP? ~ Tom - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
