NdK wrote: > Is it possible to bind to AD's LDAP using the Kerberos ticket obtained > at join time?
No. The LDAP API doesn't support that. > That would allow to search for group membership without spawning more > processes... Huh? You can configure AD as an LDAP server, and do group membership checks. All you need is a read-only administrator account. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
