none
Is it possible to configure NPS for OpenLdap server

    問題

  • I want to authenticate a radius client from OpenLdap server via radius server(NPS). Is it possible to configure NPS for Openldap server for authentication, means whenever radius client request, it goes to radius server(NPS) and from radius server it goes to Openldap server.

    If it is possible to configure NPS for openLdap, please let me know.

    2012年6月25日 上午 07:10

解答

  • Hi Arun Parmar,

    Thanks for posting here.

    Yes, you are correct ,the NPS proxy will forward the requests to a RADIUS server that can work with a database but NPS is unable to work with cos NPS only supports to use a Windows NT Server 4.0 domain, an AD DS domain, or the local SAM user accounts database as user account database for access clients.

    So in this case ,please have a third part RADIUS sever which can read information from Openldap .

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    • 已提議為解答 Tiger Li 2012年6月28日 上午 01:03
    • 已標示為解答 Tiger Li 2012年6月28日 上午 06:59
    2012年6月27日 上午 03:18
  • Hi Tiger Li,

    Thanks for replying,

    So it means we can not configure NPS for OpenLdap server to authenticate radius client. I have to use other radius server for that.

    Thanks & Regards

    Arun Parmar

    • 已標示為解答 Tiger Li 2012年6月28日 上午 06:59
    2012年6月28日 上午 03:24

所有回覆

  • Hello,

    foe NPS please ask in http://social.technet.microsoft.com/Forums/en/winserverNIS/threads and for OpenLDAP please use a forum dedicated to OpenLDAP.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    2012年6月25日 上午 07:53
  • I want to authenticate a radius client from OpenLdap server via radius server(NPS) in windows server 2008. Is it possible to configure NPS for Openldap server for authentication, means whenever radius client request, it goes to radius server(NPS) and from radius server it goes to Openldap server.

    If it is possible to configure NPS for openLdap, please let me know.

    • 已合併 Tiger Li 2012年6月26日 上午 12:43
    2012年6月25日 上午 08:57
  • Hi Arun Parmar,


    Thanks for posting here.

    We might want to deploy a RADIUS/NPS proxy server to forward the incoming requests to Openldap server for authentication :

    You want to perform authentication and authorization by using a database that is not a Windows account database. In this case, connection requests that match a specified realm name are forwarded to a RADIUS server, which has access to a different database of user accounts and authorization data. Examples of other user databases include Novell Directory Services (NDS) and Structured Query Language (SQL) databases<//span>

    RADIUS Proxy

    http://technet.microsoft.com/en-us/library/cc731320.aspx

    Planning NPS as a RADIUS proxy

    http://technet.microsoft.com/en-us/library/dd197525(WS.10).aspx

    Please also consult with support service of Openldap first and see if they support to let this software work with Windows RADIUS service.

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    2012年6月26日 上午 06:04
  • Hi Tiger li

    Thanks for reply.

    As RADIUS proxy, NPS forwards authentication and accounting messages to other RADIUS servers. So i think it is not possible to send the incoming request to Openldap server for authentication with NPS proxy. Please correct me if I am wrong.

    just for example: I tried a scenario like a radius client(ruggedcom switch) send authentication request to radius server(FreeRadius), which is configured to forward request to openldap and openLdap process the request and reply as authenticated. So my question is if some configuration is there by which I can configure NPS server or NPS proxy to authenticate via OpenLdap. Please let me know, I want to check the same scenario by replacing freeRadius with NPS.

    • 已提議為解答 Tiger Li 2012年6月28日 上午 01:03
    2012年6月26日 上午 10:46
  • Hi Arun Parmar,

    Thanks for posting here.

    Yes, you are correct ,the NPS proxy will forward the requests to a RADIUS server that can work with a database but NPS is unable to work with cos NPS only supports to use a Windows NT Server 4.0 domain, an AD DS domain, or the local SAM user accounts database as user account database for access clients.

    So in this case ,please have a third part RADIUS sever which can read information from Openldap .

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    • 已提議為解答 Tiger Li 2012年6月28日 上午 01:03
    • 已標示為解答 Tiger Li 2012年6月28日 上午 06:59
    2012年6月27日 上午 03:18
  • Hi Tiger Li,

    Thanks for replying,

    So it means we can not configure NPS for OpenLdap server to authenticate radius client. I have to use other radius server for that.

    Thanks & Regards

    Arun Parmar

    • 已標示為解答 Tiger Li 2012年6月28日 上午 06:59
    2012年6月28日 上午 03:24