Re: [Help-gnu-radius] Radius replacement
From: Derrick MacPherson
Subject: Re: [Help-gnu-radius] Radius replacement
Date: Wed, 17 Aug 2005 13:20:55 -0700

On Wed, 2005-08-17 at 22:25 +0300, Sergey Poznyakoff wrote:
> Derrick MacPherson <address@hidden> wrote:
>
> > Server: Windows 2000 server - all accounts are in AD.
>
> 'AD' means 'active directory', doesn't it?

Yes, Sergey, sorry for being lazy in my typing.

> > - Authentication is determined by membership in a group from the AD,
> > and several machines are allowed to bypass based on IP.
> > - Cisco PIX firewall that's talking to a Windows 2000 RADIUS
> > server. (which I want to replace)
>
> The main problem will be for your radius to access AD. If there is a PAM
> module that is able to do so, you can use it.

ntlm_auth can access the info, I've got squid doing so using:

auth_param ntlm program /usr/local/bin/ntlm_auth \
--helper-protocol=squid-2.5-ntlmssp --require-\
membership-of=S-1-5-21-1058564242-1277044956-825688854-1337\
Domain Group (2)
auth_param basic program /usr/local/bin/ntlm_auth \
--helper-protocol=squid-2.5-basic

Is there a way for gnu-radius to interpret that data?