Friday, January 25, 2019

PacketFence, Active Directory, Realms, Usernames, Authentication Sources...pulling my hair out.

I'm playing with PacketFence and Active Directory...and I have some significant knowledge gaps that I'm trying to fill.

I'm trying to understand the relationship between PF, AD, FreeRADIUS "Realms", Usernames (to strip or not to strip and why?), domain join vs. authentication sources.

I have so many questions that I can't seem to find concrete answers on in the PacketFence documentation.

  1. What exactly is a "realm" in terms that an AD administrator can understand? Is a realm equivalent to a "domain" or "workgroup?" Why would I use them over the "DEFAULT" and "NULL" domains?
  2. What exactly is accomplished by linking a Realm to an Active Directory Domain (NTLM Configuration)?
  3. What is accomplished by linking a 'AD' internal source to an 'associated realm'? So Authentication sources are linked to realms and realms are linked to domains?
  4. What is accomplished by username stripping? When would I strip and why?


No comments:

Post a Comment