Luiz Gustavo de Villa Scandelari wrote:
I would like to receive some help on authentication with AD using CHAP Passwords.
http://deployingradius.com/documents/protocols/compatibility.html It's impossible. Use a real LDAP server.
I suppose that happens because I cannot read the AD user password, right?
Yes.
The important is that works with LDAP authentication.
No. It works with *clear-text password* authentication.
The problem is that I have a system that sends Access-Requests with Username and CHAP-Passwords (CoovaChilli), so radius authorize the user but cannot authenticate it.
Then fix it to send User-Password.
I´ve already read the Allan´s webpage (http://deployingradius.com/documents/configuration/active_directory.html) about integration of AD and RADIUS but I still have some questions. Can I use CHAP with SAMBA ntlm_auth method
The web page lists what's possible. Using Samba won't help.
or should i need to change the password encryption to another protocol such as PAP or MS-CHAP? If I modify the coovachilli to send PAP passwords, am I going to be able to use ldap for authorization and authentication or do I need just plain?
You will be able to use LDAP is Chilli sends PAP requests. Alan DeKok.