CHAP and Windows 2003 AD LDAP

Stefan Winter stefan.winter at
Wed Jul 5 16:02:00 CEST 2006


> I'm trying to get a freeradius server (v1.0.1) to work with CHAP and

How about 1.1.2? Upgrading is easy, and it fixes at least one security bug.

> querying a Windows 2003 Active Directory server using LDAP.
> I've got LDAP working for PAP queries, but CHAP comes back with the
> "rlm_chap: Could not find clear text password".

AD and LDAP-mode don't work together. The AD server will not give away the
user's attribute. If you want CHAP to work, you will need to use ntlm_auth.
That's more work, but possible. Several people keep asking how this works
every once in a while on this list; searching the archives and the FR website
will help you get along. There's also a great tutorial on the topic, which is
referenced here quite often by Charles Schwartz; see the archives for that
one as well.



Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Research & Development Engineer

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at
Tel.: +352 424409-1
Fax: +352 422473
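Added example, not part of the original post or of FreeRADIUS: a minimal sketch of why the PAP lookup succeeds while CHAP ends in "Could not find clear text password". The `Directory` class, the account names and the passwords are constructed stand-ins for a directory that can check a password but does not hand it out; the CHAP computation follows RFC 1994.

```python
import hashlib
import hmac
import os

def chap_response(ident, password, challenge):
    # RFC 1994 CHAP with MD5: response = MD5(identifier || secret || challenge)
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

class Directory:
    """Constructed stand-in: stores a one-way verifier per user and keeps a
    readable copy of the password only when explicitly asked to."""
    def __init__(self):
        self._users = {}

    def add_user(self, name, password, readable=False):
        salt = os.urandom(16)
        verifier = hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)
        self._users[name] = (salt, verifier, password if readable else None)

    def bind(self, name, password):
        if name not in self._users:
            return False
        salt, verifier, _ = self._users[name]
        candidate = hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)
        return hmac.compare_digest(candidate, verifier)

    def read_password(self, name):
        entry = self._users.get(name)
        return entry[2] if entry else None

def pap_auth(directory, name, password):
    # PAP delivers the password itself, so the directory can check it.
    return "accept" if directory.bind(name, password) else "reject"

def chap_auth(directory, name, ident, challenge, response):
    # CHAP delivers only the MD5 output; the server has to recompute it,
    # which is impossible without the cleartext password.
    cleartext = directory.read_password(name)
    if cleartext is None:
        return "no-cleartext-password"
    expected = chap_response(ident, cleartext, challenge)
    return "accept" if hmac.compare_digest(expected, response) else "reject"

def demo():
    d = Directory()
    d.add_user("alice", b"s3cret")                  # verifier only
    d.add_user("bob", b"hunter2", readable=True)    # cleartext retrievable
    ch = os.urandom(16)
    return (pap_auth(d, "alice", b"s3cret"),
            chap_auth(d, "alice", 1, ch, chap_response(1, b"s3cret", ch)),
            chap_auth(d, "bob", 1, ch, chap_response(1, b"hunter2", ch)))
```

`demo()` shows the same account passing PAP and failing CHAP for lack of a readable password, while an account with a retrievable password passes CHAP.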
