Re: openser and AD
Artur Hayne <arturhayne@yahoo.com.br> wrote:
> I have a big problem that seams dont have solution. I have a openser
> server that should autenticated the users from Active Directory
> trough the FreeRadius. The session of FreeRadius and Active
> Directory is stablished, but when the user try autenticate, its dont
> work.
Active Directory does not supply clear-text passwords to FreeRADIUS.
In many cases, Active Directory doesn't *have* the clear-text passwords.
Digest authentication is impossible when the passwords are in Active
Directory. Sorry.
> I see in some tutorials show how authenticate in a domain to use one
> tool called ntlm_auth, but it seams that only work with the mschap
> protocol, and the openser uses the digest.
Yes. ntlm_auth will not help you.
> What to do? Any ideia?
Use another database, like OpenLDAP or MySQL. Active Directory is
responsible for making Digest authentication impossible.
> Its necessarily to do some configuration in the users or another files?
No. There is NOTHING you can do except use another database.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
This archive was generated by a fusion of
Pipermail (Mailman edition) and
MHonArc.