I just wanted to confirm what I have researched and found to be 'not feasible'. Using CHAP authentication with Microsoft Active Directory is not possible without modifying the Active Directory to store a plain-text version of the password. MS-CHAP is an option but must be supported on the client end, using ntlm_auth. I ask as I am trying to persue the path of getting the end client to use PAP, but wanted to get my facts straight first. Thanks
Hi,
MS-CHAP is an option but must be supported on the client end, using ntlm_auth.
ntlm_auth needs to run on the server that also runs FreeRADIUS, because FreeRADIUS passes the credentials to ntlm_auth, which will then do the job (i.e. talk to AD and verify the credentials). The client does not have to know anything about ntlm_auth. It just needs to talk MS-CHAP. Greetings, Stefan Winter -- Stefan WINTER Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche - Ingénieur de recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg
participants (2)
-
duckeo -
Stefan Winter