MS-CHAP, LDAP, ADS

Elizabeth Palomino liz at unixgrrl.net
Thu Feb 9 19:39:44 CET 2006


Greetings,

I have poked about on Google and read several how-tos. Is it possible, using any authentication module (rlm_pam, rlm_ldap, ...), to authenticate a connection from a client using CHAP or MS-CHAP to an Active Directory Server (TM) *cough*?

I can authenticate just fine with cleartext to the RADIUS server using

PAM---Winbind -->ADS
Gives the same error as below

LDAP -->ADS
Error:
User-Password is Required for authentication. Cannot use "CHAP-Password"


Looking at the debug output, I see the request with the CHAP-Password. I am now thoroughly confused. I had this working with a Mirapoint (LDAP server). Any ideas on getting chap-pap authentication working against an ADS server?

To summarize:

1) What should the users file contain?

2) Which is a better way to authenticate? LDAP, PAM-->Winbind?

3) Can I use the ntlm_auth line with the chap 

4) I have read about PEAP and EAP. Perhaps this would work?

5) Is there a good FreeRADIUS book you would recommend?


Heck, I'll even volunteer to write a howto on it! (I write heaps of documentation).

What I am trying to avoid is having the password transmitted in clear text over the network. Is there perhaps a better solution?

Thanks!




