Active Directory + LDAP
Alan DeKok
aland at ox.org
Wed Jul 13 17:13:49 CEST 2005
<martin.p.bradley at bt.com> wrote:
> Could someone explain why we have to use samba to authenticate
> against active directory. Is there any other way to authenticate
> MS-CHAP attributes against active directory without using samba.
Because Active Directory doesn't allow FreeRADIUS to see the
passwords through the normal LDAP interface.
FreeRADIUS can pass the MSCHAP attributes to Samba, though, which
can use them to do a "domain login", and get a pass/fail response.
If you could figure out how to do MSCHAP to a Windows domain
*without* using Samba, I would love to see it.
Alan DeKok.
More information about the Freeradius-Users
mailing list