May I only use rlm_ldap to authenticate against Active Directory? (without samba + winbind + ntlm_auth)
p.mayers at imperial.ac.uk
Mon Mar 1 10:32:06 CET 2010
On 03/01/2010 09:14 AM, Tong Anh Quan wrote:
> Hi all,
> Can someone give me a confirmation?
> Details below:
> - In modules/ldap, I configures:
> - In modules/pap, I changed the auto_header option to "yes".
> - In eap.conf,
> + Set the default_eap_type = mschapv2 in peap section
You cannot authenticate MS-CHAP against the AD LDAP server - only PAP.
You need to use Samba/winbind/ntlm_auth to authenticate MS-CHAP against AD.
More information about the Freeradius-Users