Michael, Thanks. How much control do you have to give to the domain controller to have that scheme working? (Somehow having AD, and the AD guys, controlling our UNIX box gives me the schills... ;-)
Philippe ---------------------------------- Philippe Hanset University of Tennessee, Knoxville Office of Information Technology Network Services 108 James D Hoskins Library 1400 Cumberland Ave Knoxville, TN 37996 Tel: 1-865-9746555 ---------------------------------- On Tue, 26 Aug 2008, Michael Griego wrote: > Philippe, > > At UTD, we used FreeRADIUS to authenticate against Active Directory. > It required that you set up Samba and join it to the domain, but it > wasn't that difficult to get set up and running. I do remember that > sometimes Samba would have a hard time *creating* the machine trust > account, so, to get around that, we'd usually create the trust account > manually, then join Samba to it. > > --Mike > > On Aug 26, 2008, at 9:06 AM, Philippe Hanset wrote: > > > All, > > > > We want to move to EAP-PEAP instead of EAP-TTLS (secure W2), > > and try to use the built-in client in Vista and XP. > > We use RADIATOR for RADIUS and have two identical back end > > directories: > > LDAP and Active Directory. > > > > Considering the hashing issue that MSchapV2 introduces we want to > > authenticate against AD. But our AD admin is giving us a hard time. > > He wants us to join his domain and do NTSM/Kerberos. > > This involes a lot of SAMBA and I'm more of a Tango guy! > > > > Is there a better way with UNIX Based RADIUS (RADIATOR in our case)? > > > > Thank you in advance, > > > > Philippe > > > > ---------------------------------- > > Philippe Hanset > > University of Tennessee, Knoxville > > Office of Information Technology > > Network Services > > 108 James D Hoskins Library > > 1400 Cumberland Ave > > Knoxville, TN 37996 > > Tel: 1-865-9746555 > > ---------------------------------- > > > > ********** > > Participation and subscription information for this EDUCAUSE > > Constituent Group discussion list can be found at > > http://www.educause.edu/groups/ > > . > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
