help-gnu-radius
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnu-radius] Authentication Questions

From: Gerald
Subject: Re: [Help-gnu-radius] Authentication Questions
Date: Mon, 15 Mar 2004 13:47:15 -0500 (EST) 
On Mon, 15 Mar 2004, Roger E McClurg wrote:

> I've been researching the GNU archives, but can't find the answer to my
> questions. Can anyone help me qith the questions below?
>
> *    Can GNU Radius authenticate using Active Directory?

Yes

> If so how?

External script, or PAM + LDAP -> AD

http://www.hut.fi/cc/docs/kerberos/nss_ldap.html
http://www.wlug.org.nz/ActiveDirectoryAuthenticationNotes
http://www.openldap.org/lists/openldap-software/200107/msg00425.html

> *    How do I implement strong encrypted passwords (password dictionary
> checking, upper and lower case and special characters required)?

With AD or just in general? I would think that would be a combination of
making your OS crypt libraries only use the encryption that you want and
use it to speak whatever encryption AD insists upon. LDAP+TLS can be the
secure channel between radius and AD. (If you get that working.)

> *   If I use Crypt_Password with an expiration date, what is the mechanism
> for users changing their password?

This line of questioning is really about managing passwords. This
functionality isn't built in to gnu-radius and is typically different for
every case. In Active Directory I would expect a windows solution to
manage the passwords. If you chose system passwords, then you will need
some sort of script or shell access. If you database the back end in
Mysql/Postgres/whatever then you can write just about anything to
maintain the passwords.

HTH

Gerald
reply via email to
[Prev in Thread] Current Thread [Next in Thread]