Re: CHAP and Windows 2003 AD LDAP
Hi Phil,
On 5 Jul 2006, at 17:43, Phil Mayers wrote:
Stefan Winter wrote:
Hi,
I'm trying to get a freeradius server (v1.0.1) to work with CHAP and

How about 1.1.2? Upgrading is easy, and it fixes at least one
security bug.

querying a Windows 2003 Active Directory server using LDAP.
I've got LDAP working for PAP queries, but CHAP comes back with the
"rlm_chap: Could not find clear text password".

AD and LDAP-mode don't work together. The AD server will not give
away the user's attribute. If you want CHAP to work, you will need
to use ntlm_auth.

That is not correct. If you want to use *MS-CHAP* you must use
ntlm_auth (or extract the NT hash another way).
If you want to use CHAP, i.e. plain-old CHAP as implemented by the
rlm_chap module listed above, you MUST have the user's plaintext
password, which AD does not maintain by default and, even if it is
told to, cannot be persuaded to give up.

Any idea how IAS gets hold of it for CHAP?
josh.
Josh Howlett, Networking Specialist, University of Bristol.
email: josh.howlett@bristol.ac.uk | phone: +44 (0)7867 907076 |
internal: 7850
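
Added example, not part of the original thread and not FreeRADIUS code: a sketch of the plain CHAP check (RFC 1994 response carried in a RADIUS CHAP-Password attribute, RFC 2865) showing why the verifier needs the cleartext password and why a one-way hash of it does not help. The function names, the `stored` record layout, the reject strings and the sample password are assumptions made for illustration; SHA-256 stands in for whatever one-way form a directory keeps.

```python
import hashlib
import hmac
import os


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def verify_chap(chap_password: bytes, challenge: bytes, stored: dict) -> str:
    """Check a CHAP-Password value: 1-byte CHAP ident + 16-byte response."""
    if len(chap_password) != 17:
        return "reject: malformed CHAP-Password"
    cleartext = stored.get("cleartext")
    if cleartext is None:
        # The password itself is an input to MD5, so a stored one-way
        # hash gives the verifier nothing it can recompute the response from.
        return "reject: no clear text password"
    ident, response = chap_password[0], chap_password[1:]
    expected = chap_response(ident, cleartext, challenge)
    if hmac.compare_digest(expected, response):
        return "accept"
    return "reject: response mismatch"


def demo() -> dict:
    password = b"correct horse"      # constructed sample password
    challenge = os.urandom(16)       # CHAP-Challenge chosen by the NAS
    ident = 0x2A
    # What the NAS forwards after the client answers the challenge
    chap_password = bytes([ident]) + chap_response(ident, password, challenge)
    one_way = hashlib.sha256(password).digest()  # stand-in for a stored hash
    return {
        "cleartext store": verify_chap(chap_password, challenge,
                                       {"cleartext": password}),
        "hash-only store": verify_chap(chap_password, challenge,
                                       {"hash": one_way}),
        "hash used as secret": verify_chap(chap_password, challenge,
                                           {"cleartext": one_way}),
        "wrong password": verify_chap(chap_password, challenge,
                                      {"cleartext": b"guess"}),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:22s} -> {result}")
```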