FreeRADIUS Active Directory Integration HOWTO

This document describes how to set up FreeRADIUS server in order to authenticate Windows XP network users transparently against Active Directory. It is a step by step 'quick & dirty' guide to configure FreeRADIUS server, network Access Points and WindowsXP supplicants. FreeRADIUS offers authentication via port based access control. A user can connect to the network only if its credentials have been validated by the authentication server. User credentials are verified by using special authentication protocols which belong to the 802.1X standard.

Network access is only granted to the workstation if the user credentials have been authenticated by the FreeRADIUS server. Otherwise the switch port will be down for any network traffic. The RADIUS server is allowed to contact the domain controller for user authentication. Although the switch port is down, the workstation can communicate with the RADIUS server via an authentication protocol. The RADIUS server is able to check on the domain controller if the user exists and if its password is correct. If this is the case, the RADIUS server tells the switch to open the port and the user will get access to the network.