6 Jul
2006
6 Jul
'06
10:57 a.m.
Alan DeKok wrote:
Luke <freeradius@luke.bpa.nu> wrote:
Unfortunately I need to support CHAP because it is used by an external global Dial-Up provider which the freeradius machine is authenticating for.
If the passwords are in AD your ONLY choice is to use IAS, and even then, only if ALL of the passwords are stored via what they call "using reversible encryption".
Thanks Alan - looks like it is not possible (we do not want to use IAS and store passwords using reversible encryption - which would also mean resetting every user's password). I'm going to need to talk to our global dial-up provider to see if they can send the radius request using anything other than CHAP if possible. Thanks again, Luke