cleartext passwords against Active Directory

Alan DeKok aland at deployingradius.com
Wed Sep 24 12:02:49 CEST 2008


Leese, MJ (Mark) wrote:
> I need to authenticate employees at my lab onto our wireless network
> using a Captive Portal and our corporate database (Active Directory).
> The Access-Request from the Captive Portal contains a cleartext password
> but our Active Directory does not store cleartext passwords. Can someone
> please tell me what options I have? Is it possible to use rlm_krb, for
> example?

  That can be done, but I wouldn't suggest it.  Just use LDAP "bind as
user".  It should work.

> Someone suggested I could authenticate the user with an LDAP bind, but I
> don't see how this would work.

  It works.  FreeRADIUS supplies the clear-text password to AD, and it
returns "Ok/fail".

> I'm running FreeRADIUS 1.1.4 but I can update to a newer version any
> time.

  For this, you shouldn't need to upgrade.  But it's still likely not a
bad idea.

  Alan DeKok.



More information about the Freeradius-Users mailing list