Thanks for the reply.

If I use LDAP bind and PAP would that mean running 'radiusd -X' on the radius server would display users' AD password in plaintext when showing the contents of the Access-Request?

Thanks
-Luke


On 27 Jan 2014, at 21:57, Luke Ramsden <lukermsdn@gmail.com> wrote:

> Hi, I am trying to authenticate SSH logins to my Cisco 3750 switches using RADIUS/Active Directory. I think this means I will need the Cisco switches to send an MSCHAPv2 challenge to the RADIUS server? I am struggling to achieve this and wondered if anyone else had come across this and could offer some advice?
>
> Essentially, all I want is to remotely access the switches on my network using Active Directory credentials. Are there any other/better methods if the above is not possible?

They'll support PAP, in which case you can just use LDAP auth (LDAP Bind) against the AD server. You don't need to use MSCHAPv2.

-Arran

Arran Cudbard-Bell <a.cudbardb@freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html