<div dir="ltr"><div>I have experimented with using LDAP bind before and encountered problems (see link below). One of the responses on the thread said I must use MSCHAPv2 if I do not have plaintext passwords in AD - which I do not:<br>
<br>         "Unless you are storing passwords in Active Directory in plain text 
or you want to use Kerberos authentication, you will have to use 
MSCHAPv2 (or its EAP equivalent, EAP-MSCHAPv2)."<br><br>Previous thread relating to LDAP auth: <a href="http://freeradius.1045715.n5.nabble.com/LDAP-Active-Directory-Authentication-Issue-td5724001.html#a5724014">http://freeradius.1045715.n5.nabble.com/LDAP-Active-Directory-Authentication-Issue-td5724001.html#a5724014</a><br>
<br></div><div>Is this correct? Must I use MSCHAPv2? If so, I guess that goes back to my original question.<br><br>Many thanks<br>-Luke<br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jan 28, 2014 at 10:22 AM, arr2036 [via FreeRADIUS] <span dir="ltr"><<a href="mailto:ml-node+s1045715n5724717h88@n5.nabble.com" target="_blank">ml-node+s1045715n5724717h88@n5.nabble.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">

        <br>On 28 Jan 2014, at 09:50, Luke Ramsden <<a href="http://user/SendEmail.jtp?type=node&node=5724717&i=0" rel="nofollow" link="external" target="_blank">[hidden email]</a>> wrote:
<br><br>> I have my shared secrets set in clients.conf and then on the Cisco switch
<br>> using the 'radius-server' command:
<br>> <a href="http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrad.html#wp1001000" rel="nofollow" link="external" target="_blank">http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrad.html#wp1001000</a><br>

<br>> Is this hard-coded approach incorrect? When I view the radiusd -X output
<br>> for a PAP request I don't have to get the shared secret right as it's already
<br>> there. Hope that makes sense.
<br><br></div>Yes, it's fine to hardcode your shared secrets.
<br>Yes, you'll see the cleartext password if running in debugging mode.
<br><br>Arran Cudbard-Bell <<a href="http://user/SendEmail.jtp?type=node&node=5724717&i=1" rel="nofollow" link="external" target="_blank">[hidden email]</a>>
<br><div class="im">FreeRADIUS Development Team
<br><br>FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
<br><br><br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" rel="nofollow" link="external" target="_blank">http://www.freeradius.org/list/users.html</a></div>

        
        
        
        <br>
        <br>
        <hr color="#cccccc" noshade size="1">
        <div style="color:#444;font:12px tahoma,geneva,helvetica,arial,sans-serif"><div class="im">
                <div style="font-weight:bold">If you reply to this email, your message will be added to the discussion below:</div>
                </div><a href="http://freeradius.1045715.n5.nabble.com/SSH-Logins-to-Cisco-Switch-RADIUS-Active-Directory-tp5724701p5724717.html" target="_blank">http://freeradius.1045715.n5.nabble.com/SSH-Logins-to-Cisco-Switch-RADIUS-Active-Directory-tp5724701p5724717.html</a>
        </div></blockquote></div><br></div>