Active Directory as a user store
Although Microsoft Active Directory includes an LDAP server, authenticating against it over LDAP limits FreeRADIUS to PAP: an LDAP bind needs the cleartext password, and Active Directory does not expose the NT password hash that MS-CHAP verification requires. Using Active Directory as a user store through Samba's ntlm_auth, as described here, supports both PAP and MS-CHAP authentication.
Configuring FreeRADIUS to use Active Directory as a user store consists of two main activities:
- Configure a Samba server and join it to an Active Directory domain.
- Configure FreeRADIUS to call the ntlm_auth binary to authenticate a user.
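As an added example (not configuration from the original page), the following shows what the FreeRADIUS side of the second step looks like once the Samba server has been joined to the domain: the ntlm_auth exec module used for PAP, the ntlm_auth line in the mschap module used for MS-CHAP, and the site sections that route requests to them. The domain name EXAMPLE, the path /usr/bin/ntlm_auth and the FreeRADIUS 3.x directory layout are assumptions; adjust them to your environment.

```conf
# Added example, not from the original page. Assumes FreeRADIUS 3.x
# (raddb = /etc/raddb or /etc/freeradius/3.0), ntlm_auth at /usr/bin/ntlm_auth,
# and an Active Directory domain whose NetBIOS name is EXAMPLE.

# --- raddb/mods-available/ntlm_auth (enable with a symlink in mods-enabled) ---
# PAP: FreeRADIUS holds the cleartext User-Password, so it is handed to
# ntlm_auth, which asks winbind to check it against a domain controller.
exec ntlm_auth {
    wait = yes
    program = "/usr/bin/ntlm_auth --request-nt-key --domain=EXAMPLE --username=%{mschap:User-Name} --password=%{User-Password}"
}

# --- raddb/mods-available/mschap ---
# MS-CHAP: FreeRADIUS never sees the password, only the challenge and the
# client's NT-Response, so ntlm_auth verifies the response and returns the
# NT key, which FreeRADIUS needs to derive MPPE keys for PEAP/MSCHAPv2.
mschap {
    use_mppe = yes
    require_encryption = yes
    require_strong = yes
    with_ntdomain_hack = yes
    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
}

# --- raddb/sites-available/default (repeat in inner-tunnel for PEAP) ---
authorize {
    # other authorize modules (preprocess, suffix, eap, ...) stay as shipped
    mschap      # sets Auth-Type := MS-CHAP when MS-CHAP attributes are present

    # A request carrying a cleartext User-Password and no Auth-Type yet
    # (no local password was found for pap to use) goes to ntlm_auth.
    if (User-Password && !control:Auth-Type) {
        update control {
            Auth-Type := ntlm_auth
        }
    }
}

authenticate {
    Auth-Type MS-CHAP {
        mschap
    }
    Auth-Type ntlm_auth {
        ntlm_auth
    }
}
```

Before touching FreeRADIUS, check the join from the shell: `wbinfo -t` must report that the trust secret is good, and `ntlm_auth --request-nt-key --domain=EXAMPLE --username=alice --password='...'` run as root must print `NT_STATUS_OK: Success (0x0)` and exit 0. If that works as root but fails from FreeRADIUS, the usual cause is that the user radiusd runs as cannot open the winbind privileged socket directory, /var/lib/samba/winbindd_privileged; add that user to the group owning the directory and restart FreeRADIUS.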
Samba is the standard Windows interoperability suite of programs for Linux and UNIX. It is a very mature project, which is in active development (http://www.samba.org/).
In this exercise we will join a Samba server to an Active Directory domain. To Active Directory, this Samba server will appear as just another Windows member server. Samba contains a component called Winbind that solves the unified logon problem, letting the Linux host resolve and authenticate domain users (http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html).
We will make use of Winbind to allow users...