cleartext passwords against Active Directory
Hi, I need to authenticate employees at my lab onto our wireless network using a Captive Portal and our corporate database (Active Directory). The Access-Request from the Captive Portal contains a cleartext password but our Active Directory does not store cleartext passwords. Can someone please tell me what options I have? Is it possible to use rlm_krb, for example? I have used our RADIUS server to authenticate users against our Active Directory, but this was with ntlm_auth for users using 802.1X and MS-CHAP. Someone suggested I could authenticate the user with an LDAP bind, but I don't see how this would work. I'm running FreeRADIUS 1.1.4 but I can update to a newer version any time. Please help. I am running out of hair :) Thanks in advance, Mark.
Leese, MJ (Mark) wrote:
I need to authenticate employees at my lab onto our wireless network using a Captive Portal and our corporate database (Active Directory). The Access-Request from the Captive Portal contains a cleartext password but our Active Directory does not store cleartext passwords. Can someone please tell me what options I have? Is it possible to use rlm_krb, for example?
That can be done, but I wouldn't suggest it. Just use LDAP "bind as user". It should work.
Someone suggested I could authenticate the user with an LDAP bind, but I don't see how this would work.
It works. FreeRADIUS supplies the clear-text password to AD, and it returns "Ok/fail".
I'm running FreeRADIUS 1.1.4 but I can update to a newer version any time.
For this, you shouldn't need to upgrade. But it's still likely not a bad idea. Alan DeKok.
participants (2)
-
Alan DeKok -
Leese, MJ (Mark)