Active Directory Integration
Ivan Kalik
tnt at kalik.net
Mon Jun 30 15:16:42 CEST 2008
>Because in my database for the User-Name, I have the following
>
>mysql> select * from radcheck ;
>+----+----------------------------------------+-----------+----+---------+
>| id | UserName | Attribute | op | Value |
>+----+----------------------------------------+-----------+----+---------+
>| 10 | TOTO at MYDOMAIN | Auth-Type | := | MS-CHAP |
>+----+----------------------------------------+-----------+----+---------+
>1 row in set (0.00 sec)
Delete that. You can't make a request into mschap by pretending it is
one.
>
>So what I have to do ?
>
Well, what do you want to do? You have created AD integration for mschap
requests via ntlm_auth. That's mainly used for wireless clients that
use PEAP. It's not going to be of great use if your clients are going
to be sending pap requests.
For those you can use (already created) ldap configuration. Retrieve
passwords from AD as NT-Password and (freeradius) pap module will
authenticate them. mschap requests will work with this too.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list