Re: CHAP and Windows 2003 AD LDAP



> Stefan Winter wrote:
>> Hi,
>>
>> I'm trying to get a freeradius server (v1.0.1) to work with CHAP and
>
> How about 1.1.2? Upgrading is easy, and it fixes at least one security bug.
>
>> querying a Windows 2003 Active Directory server using LDAP.
>>
>> I've got LDAP working for PAP queries, but CHAP comes back with the
>> "rlm_chap: Could not find clear text password".
>
> AD and LDAP-mode don't work together. The AD server will not give away the user's attribute. If you want CHAP to work, you will need to use ntlm_auth.

That is not correct. If you want to use *MS-CHAP* you must use ntlm_auth (or extract the NT hash another way).

If you want to use CHAP, i.e. plain-old CHAP as implemented by the rlm_chap module listed above, you MUST have the user's plaintext password, which AD does not maintain by default and, even if it is told to, cannot be persuaded to give up.
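The distinction drawn above (plain CHAP needs the cleartext password, MS-CHAP needs the NT hash) is easiest to see by computing both. The script below is an added example, not code from this thread or from FreeRADIUS: the two user stores, the user name, password and challenge are constructed for illustration, and a pure-Python MD4 is included only because hashlib builds on OpenSSL 3 often lack it. The MS-CHAP response itself (DES keyed from the NT hash) is deliberately left out; the point shown is that a store holding only the NT hash can never satisfy a CHAP verifier, which is exactly the "Could not find clear text password" failure.

```python
import hashlib
import hmac
import struct
from typing import Dict, Optional

# Constructed example, not FreeRADIUS code: the user name, password, stores and
# challenge below are made up for illustration.


def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP (RFC 1994): Response = MD5(Identifier || secret || Challenge).
    Both the client and the verifier need the cleartext secret to compute this."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def _md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320), used because hashlib may not provide it."""
    def F(x, y, z): return (x & y) | (~x & z)
    def G(x, y, z): return (x & y) | (x & z) | (y & z)
    def H(x, y, z): return x ^ y ^ z
    def rotl(x, n): return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    r2 = [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]
    r3 = [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(16):   # round 1
            a, b, c, d = d, rotl((a + F(b, c, d) + X[i]) & 0xFFFFFFFF, (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):   # round 2
            a, b, c, d = d, rotl((a + G(b, c, d) + X[r2[i]] + 0x5A827999) & 0xFFFFFFFF, (3, 5, 9, 13)[i % 4]), b, c
        for i in range(16):   # round 3
            a, b, c, d = d, rotl((a + H(b, c, d) + X[r3[i]] + 0x6ED9EBA1) & 0xFFFFFFFF, (3, 9, 11, 15)[i % 4]), b, c
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> bytes:
    """NT hash = MD4(UTF-16LE(password)): what AD stores and what ntlm_auth / MS-CHAP
    work from. It is one-way, so the cleartext cannot be recovered from it."""
    return _md4(password.encode("utf-16-le"))


class ClearTextStore:
    """Hypothetical LDAP directory that returns the password in the clear."""
    def __init__(self, users: Dict[str, str]) -> None:
        self._users = users

    def cleartext(self, user: str) -> Optional[bytes]:
        pw = self._users.get(user)
        return None if pw is None else pw.encode()


class NtHashOnlyStore:
    """Hypothetical AD-like store: only the NT hash ever exists server-side.
    MS-CHAP(v2) responses are keyed from this hash (DES steps not shown here),
    so those can be verified; plain CHAP cannot."""
    def __init__(self, users: Dict[str, str]) -> None:
        self._hashes = {u: nt_hash(p) for u, p in users.items()}

    def cleartext(self, user: str) -> Optional[bytes]:
        return None  # AD will not hand out a cleartext password

    def nthash(self, user: str) -> Optional[bytes]:
        return self._hashes.get(user)


def verify_chap(store, user: str, ident: int, challenge: bytes, response: bytes) -> str:
    """Server-side CHAP check, mirroring what rlm_chap needs: a cleartext password."""
    pw = store.cleartext(user)
    if pw is None:
        return "Could not find clear text password"  # the failure seen in the thread
    expected = chap_response(ident, pw, challenge)
    return "Accept" if hmac.compare_digest(expected, response) else "Reject"


def run_chap_demo(challenge: bytes = bytes(range(16))) -> Dict[str, str]:
    """Run one constructed CHAP exchange against each store and collect the outcomes."""
    user, password, ident = "stefan", "correct horse battery staple", 0x2A
    # Only the real client, which knows the cleartext, can form the response.
    response = chap_response(ident, password.encode(), challenge)
    return {
        "ldap_cleartext": verify_chap(ClearTextStore({user: password}), user, ident, challenge, response),
        "ldap_wrong_password": verify_chap(ClearTextStore({user: "not-it"}), user, ident, challenge, response),
        "ad_nthash_only": verify_chap(NtHashOnlyStore({user: password}), user, ident, challenge, response),
    }


if __name__ == "__main__":
    for store, outcome in run_chap_demo().items():
        print(f"{store:>20}: {outcome}")
    print("NT hash of 'password':", nt_hash("password").hex())
```

Running it gives Accept for the cleartext directory, Reject for a wrong password, and the rlm_chap message for the AD-like store; the NT hash of "password" comes out as 8846f7eaee8fb117ad06bdd830b7586c, the value AD actually holds, which is enough for ntlm_auth but useless to rlm_chap.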



