
List:       freeradius-users
Subject:    Re: Freeradius in dmz (not joined to AD) and authorization from AD LDAP
From:       Matthew Newton <matthew () newtoncomputing ! co ! uk>
Date:       2017-04-25 8:06:17
Message-ID: 4DB8D848-F142-42F2-A621-79C0922B9E01 () newtoncomputing ! co ! uk

On 25 April 2017 08:45:49 BST, chose <chose@ajetaci.cz> wrote:
> is it able to authorize users from Windows AD LDAP from Freeradius in 
> DMZ zone without joining AD (security reasons).

Yes, with limitations, depending on your situation.

> I found that there is 
> problem with passwords hash, freeradius gets password in mschapv2

Because AD won't give you the password hash in the LDAP response, the only option you have got is to attempt to bind, which needs a clear password. So doing this means you're limited to PAP based methods.


-- 
Matthew

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
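
The bind-as-user setup the reply describes, sketched as a FreeRADIUS virtual-server fragment. This is an added example, not configuration from the original post; it assumes FreeRADIUS 3.x and an `ldap` module instance already pointed at the AD domain controller with a service account that can look up users.

```unlang
# Fragment of a virtual server (for example sites-enabled/default).
# Assumption: an "ldap" module instance is already configured.

authorize {
    # Look the user up in AD over LDAP (search only; AD returns no
    # password hash here).
    ldap

    # Choose bind authentication only when the request carries a
    # cleartext password (PAP) and nothing else has set Auth-Type.
    # MS-CHAPv2 and EAP requests have no User-Password, so they never
    # match this condition and cannot be authenticated by a bind.
    if ((ok || updated) && &User-Password && !&control:Auth-Type) {
        update control {
            &Auth-Type := ldap
        }
    }
}

authenticate {
    # Authenticate by binding to AD as the user's DN with the
    # supplied password.
    Auth-Type ldap {
        ldap
    }
}
```

Because the cleartext password travels from the DMZ host to the domain controller during the bind, the LDAP connection should use LDAPS or StartTLS.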

