Folks, Could someone explain why we have to use samba to authenticate against active directory. Is there any other way to authenticate MS-CHAP attributes against active directory without using samba. I don't have anything against samba, its just another thing to configure and learn that I could do without learning about. Regards, Martin -----Original Message----- From: freeradius-users-bounces@lists.freeradius.org [mailto:freeradius-users-bounces@lists.freeradius.org] On Behalf Of Stefan Winter Sent: 13 July 2005 10:33 To: FreeRadius users mailing list Subject: Re: Active Directory + LDAP Hello,
Secondly, I would like to use clear-text passwords in the Access-Request packets. Would the mschap module figure out things right automagically?
No. For that, you can list ldap in the authenticate section.
As I see it, it only gets active and sets Auth-Type to MS-CHAP when it sees a Challenge in the Access-Request. Could this be one of the rare cases where I have to set Auth-Type manually (to MS-CHAP) get ntlm_auth running?
You may set Auth-Type, but don't set it to MSCHAP. Set it to LDAP.
authorize { mschap ldap files } and authenticate { Auth-Type LDAP { ldap } } right? Or would the mschap module be completely obsolete in this case? But then I don't understand why so many people complain that auth against Active Directory doesn't work with the LDAP module? Startled greetings, Stefan Winter -- Stefan WINTER Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingénieur de recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg email: stefan.winter@restena.lu tél.: +352 424409-1 http://www.restena.lu fax: +352 422473 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html