Thought it was configured, I beleive I have tested it positive in the past, I want to use ntlm_auth, I had this in there and had tested it as far as i know: Radius.conf ldap { server = "domcon.company.org" basedn = "dc=company,dc=org" filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})" password_attribute = "userPassword" identity = "cn=administrator,cn=Users,dc=company,dc=org" password = password Will this not work, if not how to config the ntml? On 8/17/05, Alan DeKok <aland@ox.org> wrote:
Tim P <panterafreak@gmail.com> wrote:
I am handing off a qurest from pppd to radius and am failing with a valid user in the domain.
No.
The server is failing because it doesn't have a clear-text password.
rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory...
The LDAP module doesn't get a clear-text password from AD, so the server can't authenticate the user.
Any ideas? Both mschap and chap are enabled in the radiusd.conf
AD won't give the server clear-text passwords. So doing CHAP to AD is *impossible*.
You CAN use MS-CHAP, but for that you've got to configure ntlm_auth.
Remember, AD is *not* and LDAP server. It just pretends to be one sometimes.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html