List: freeradius-users
Subject: Re: Freeradius in dmz (not joined to AD) and authorization from AD LDAP
From: Matthew Newton <matthew () newtoncomputing ! co ! uk>
Date: 2017-04-25 8:06:17
Message-ID: 4DB8D848-F142-42F2-A621-79C0922B9E01 () newtoncomputing ! co ! uk
On 25 April 2017 08:45:49 BST, chose <chose@ajetaci.cz> wrote:
> is it possible to authorize users from Windows AD LDAP from Freeradius in
> DMZ zone without joining AD (security reasons)?
Yes, with limitations, depending on your situation.
> I found that there is a
> problem with the password hash, freeradius gets password in mschapv2
Because AD won't give you the password hash in the LDAP response, the only option you
have got is to attempt to bind, which needs a clear password. So doing this means
you're limited to PAP based methods.
--
Matthew
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
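
The constraint described in the reply above, as an added Python sketch (not part of the original message and not FreeRADIUS code). It uses RFC 1994 CHAP as a simpler stand-in for MS-CHAPv2, since both are challenge-response methods in which the server never receives the clear password; `BindOnlyDirectory`, the DN and the passwords are constructed for illustration.

```python
import hashlib
import hmac
import os


class BindOnlyDirectory:
    """Constructed stand-in for a directory that offers bind but never returns a hash."""

    def __init__(self, users):
        self._db = {}
        for dn, password in users.items():
            salt = os.urandom(16)
            self._db[dn] = (salt, self._kdf(password, salt))

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

    def bind(self, dn, password):
        """Simple bind: the caller must present the clear-text password."""
        if dn not in self._db:
            return False
        salt, stored = self._db[dn]
        return hmac.compare_digest(self._kdf(password, salt), stored)


def pap_via_bind(directory, dn, user_password):
    """PAP delivers the clear password to the RADIUS server, so a bind can test it."""
    if not user_password:
        # An empty password is an unauthenticated bind (RFC 4513), not a credential check.
        return False
    return directory.bind(dn, user_password)


def chap_response(chap_id, password, challenge):
    """RFC 1994 CHAP response: MD5(id || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password.encode() + challenge).digest()


def chap_verify(chap_id, challenge, response, known_password=None):
    """Checking a challenge-response needs the secret itself; bind cannot supply it."""
    if known_password is None:
        return None  # nothing to bind with and nothing to recompute the response from
    expected = chap_response(chap_id, known_password, challenge)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    d = BindOnlyDirectory({"cn=alice,dc=example,dc=test": "s3cret"})
    print("PAP + bind:", pap_via_bind(d, "cn=alice,dc=example,dc=test", "s3cret"))
    resp = chap_response(7, "s3cret", b"\x01" * 16)
    print("CHAP with bind only:", chap_verify(7, b"\x01" * 16, resp))
```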