"Elizabeth Palomino" <liz@unixgrrl.net> wrote:
I have poked about on google and read several how to's. Is it possible using any authentication module ( rlm_pam,rlm_ldap...) To authenticate a connection from a client using CHAP or MS-CHAP to an Active Directory Server (TM) *cough*.
MS-CHAP yes, CHAP no.
LDAP -->ADS Error: User-Password is Required for authentication. Cannot use "CHAP-Password"
It's impossible. See ntlm_auth in radiusd.conf for how to do MS-CHAP to AD.
2) Which is a better way to authenticate? ldap,PAM-->Winbind?
I would suggest not using PAM.
3) Can I use the ntlm_auth line with the chap
No.
4) I have read about peap and eap. Perhaps this would work?
No.
What I am trying to avoid is having password transmitted clear text over the network. Is there perhaps a better Solution?
RADIUS doesn't send the password in clear text over the network. Alan DeKok.