I have experimented with using LDAP bind before and encountered problems (see link below). One of the responses on the thread said I must use MSCHAPv2 if I do not have plaintext passwords in AD - which I do not:
"Unless you are storing passwords in Active Directory in plain text
or you want to use Kerberos authentication, you will have to use
MSCHAPv2 (or its EAP equivalent, EAP-MSCHAPv2)."
Previous thread relating to LDAP auth:
http://freeradius.1045715.n5.nabble.com/LDAP-Active-Directory-Authentication-Issue-td5724001.html#a5724014
Is this correct? Must I use MSCHAPv2? If so, I guess that goes back to my original question.
Many thanks
-Luke