Re: question about freeradius, 802.1x with peap, auth via LDAP
This is a discussion on Re: question about freeradius, 802.1x with peap, auth via LDAP within the FreeRADIUS Users forums, part of the Networking and Network Related category; --===============0959420210== Content-Type: multipart/alternative; boundary="----=_Part_28912_18354435.1175704511782" ------=_Part_28912_18354435.1175704511782 Content-Type: text/plain; charset=ISO-8859-1; ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-04-2007
|
|||
|
|||
Re: question about freeradius, 802.1x with peap, auth via LDAP
--===============0959420210==
Content-Type: multipart/alternative; boundary="----=_Part_28912_18354435.1175704511782" ------=_Part_28912_18354435.1175704511782 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline 1) Microsoft LDAP isn't like normal ldap, you don't get access to the password. To have freeradius touch the password at any point, it needs to be on the domain and do a ntlm_auth instead of ldap. On 4/4/07, wenny wang <wang.wennywang@gmail.com> wrote: > > Hi, > > I need help/advise with te following scenario: > > 1. I have a freeradius server, this server is not part of Active Directory > Domain, server is able to perform ldapsearch for user account. > > 2. the workstation is a windows 2000 pc, need to be authenticated thru > Cisco catalyst switch to the freeradius server with user's LAN username and > password transparently (peap) > > my question is: > > what is the requirement for radius server, does the server needs to be > part of the Active Directory Domain?, can you direct me to a how to link?, I > have made several configurations but none were successful, please help, > thanks. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > ------=_Part_28912_18354435.1175704511782 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline 1) Microsoft LDAP isn't like normal ldap, you don't get access to the password. To have freeradius touch the password at any point, it needs to be on the domain and do a ntlm_auth instead of ldap.<br><br><br><br> <div><span class="gmail_quote">On 4/4/07, <b class="gmail_sendername">wenny wang</b> <<a href="mailto:wang.wennywang@gmail.com">wang.wennyw ang@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Hi,<br><br>I need help/advise with te following scenario:<br><br>1. I have a freeradius server, this server is not part of Active Directory Domain, server is able to perform ldapsearch for user account.<br><br>2. the workstation is a windows 2000 pc, need to be authenticated thru Cisco catalyst switch to the freeradius server with user's LAN username and password transparently (peap) <br><br>my question is:<br><br>what is the requirement for radius server, does the server needs to be part of the Active Directory Domain?, can you direct me to a how to link?, I have made several configurations but none were successful, please help, thanks. <br> <br>-<br>List info/subscribe/unsubscribe? See <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></blockquote> </div><br> ------=_Part_28912_18354435.1175704511782-- --===============0959420210== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --===============0959420210==-- 
|
Linear Mode
