Hi Nicola

On 10.07.2014 12:31, Nicola Ferrari (#554252) wrote:
> I tried to config the internal freeradius2 package with ldap to
> interface with the win2008ad, but it doesn't seem to work.

Because it cannot verify passwords in LDAP as AD doesn't store passwords in plaintext which is what FreeRADIUS would do against a LDAP server. If you have a standalone RADIUS server on BSD/Linux you have to use Samba and let FreeRADIUS check the passwords with 'ntlm_auth', which is part of Samba.

I guess Brian is using FreeRADIUS locally with a local user database, that should work as is.

Since FR with AD is one of the most-asked questions on, the FR developers have made pretty comprehensive howtos for that precise use-case. (freeradius.org wiki and Alan DeKok's deployingradius.com)

I don't think installing a full-blown Samba on pfSense is what you want (there is no binary Samba package for pfSense either)

> could you please explain me your config?

I guess since if you have an NPS up and running that it's better to try this route. Are you positive that you entered the hostname or IP, port and shared secret in Service: Captive portal: <yourcaptiveportal>? I'm asking since your initial error message with PAP told you so.

You mention configuring RADIUS in User management -> Servers. In my understanding this can be used for admin access, VPN etc, but captive portal is independent. That's why there are the fields in the captive portal to use RADIUS and then place to put the IP/port/shared secret.

In fact I configured a pfSense box to authenticate admins against an existing AD so they don't get used to logging in as root. (and if someone breaks things we know who it was, not just admin/root) - and that was simply by using LDAP authentication, no extra RADIUS required in this case.

Hope that helps a little

--
Mathieu
