Anyone well versed in RADIUS solutions? I’m looking for a Windows-based solution that will handle a multiple realm environment like this:

Realm A
A user enters just ‘username’ or ‘username@company.com’ and the server uses locally hosted Active Directory as the basis for authentication. This functionality alone can be handled by Microsoft IAS/NPS. We're actually already doing this, but we're not married to staying with it.

Realm B
A user enters ‘username@parentco.com’ and the server uses a native LDAP directory with different/independent accounts hosted at our Main Campus as the basis for authentication.

It looks like Freeradius may be able to accommodate this type of environment but a) it only runs on *nix and b) it appears to require the use of SAMBA for authenticating against the AD environment.

Another potential option would be for the “Realm B” portion to be a RADIUS proxy that passes the authentication to a RADIUS server hosted at our Main Campus. From what I can tell Microsoft IAS/NPS can act as a RADIUS proxy. What I can’t tell, however, is if it can act as a proxy for only one realm in a multiple realm setup. I don’t want to run two instances of IAS/NPS just to get the “local” side of things working.

Thoughts?

 

Wouldn't the single IAS be able to handle both realms if a trust existed between the two?

 

The "far" side at our Main Campus is not AD. It is a 100% native LDAP directory (Sungard Luminis).

 

I believe you can setup external trusts to LDAP directories that are not AD. I've never tried it though.