Authenticating users on routers/switches using FreeRadius/Active Directory

Do any of you guys have experience setting up a FreeRadius server to query a windows AD server for user authentication on router/switches? I'm trying to figure out how to get the FreeRadius box to query the domain controller without joining the FreeRadius server to the domain (i'm forced to do it this way due to security policies in place)

Any help/guidance would be much appreciated.

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

Bl8ckr0uter

Why don't you just use IAS or Network policy server built into server 2003 or 2008?
Understanding the new Windows Server 2008 Network Policy Server

At any rate, this looks promising:
FreeRADIUS Active Directory Integration HOWTO

So does this:
http://deployingradius.com/documents/configuration/active_directory.html

pham0329

Not sure about FreeRadius, but there's tons of guides out there for NPS/Microsoft Radius...why don't you use that instead?

edit: Oooh, Bl8ckr0uter beat me to it!

DPG

Edit: Too slow...

Seems rather straight-forward.

FreeRADIUS Active Directory Integration HOWTO

vinbuck

Bl8ckr0uter wrote: »

Why don't you just use IAS or Network policy server built into server 2003 or 2008?
Understanding the new Windows Server 2008 Network Policy Server

At any rate, this looks promising:
FreeRADIUS Active Directory Integration HOWTO

So does this:
Deploying RADIUS: Configuring Authentication with Active Directory

Windows isn't an option...we looked at that but it won't work for non-technical reasons I can't go into online. I've been working on the Free Radius Active Directory integration using the guide you posted with Fedora 14 x64 and it is anything but straightforward - and i'm no stranger to Linux (we've got about 30 Linux servers just to support to network). Samba has be setup correctly and certain versions of FreeRadius don't work well with AD and it's been a general PITA.