Issues authenticating vs 2003 AD
Alan DeKok
aland at ox.org
Wed Aug 17 21:14:00 CEST 2005
Tim P <panterafreak at gmail.com> wrote:
> I am handing off a request from pppd to radius and am failing with a
> valid user in the domain.
No.
The server is failing because it doesn't have a clear-text password.
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
The LDAP module doesn't get a clear-text password from AD, so the
server can't authenticate the user.
> Any ideas? Both mschap and chap are enabled in the radiusd.conf
AD won't give the server clear-text passwords. So doing CHAP to AD
is *impossible*.
You CAN use MS-CHAP, but for that you've got to configure ntlm_auth.
Remember, AD is *not* an LDAP server. It just pretends to be one
sometimes.
Alan DeKok.
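
Why the CHAP check depends on the clear-text password, as an added example that is not part of the original post: a CHAP response (RFC 1994) is MD5 over identifier, secret and challenge, so the server can only verify it by recomputing with the secret itself. The sample password, the function names and the SHA-256 stand-in for a stored one-way hash are constructed for illustration and are not FreeRADIUS code or AD's storage format.

```python
import hashlib
import hmac
import os


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def server_verify(ident, challenge, response, stored_secret):
    """Verify a CHAP response with whatever the password backend returned.

    stored_secret is None when the backend hands back no password at all,
    which is the situation the post describes for AD queried over LDAP.
    """
    if stored_secret is None:
        return "no-cleartext"  # nothing to recompute the MD5 with
    expected = chap_response(ident, stored_secret, challenge)
    return "accept" if hmac.compare_digest(expected, response) else "reject"


def demo():
    password = b"constructed-sample-password"  # constructed sample value
    ident, challenge = 0x2A, os.urandom(16)

    # What the client (e.g. pppd) sends back for this challenge.
    response = chap_response(ident, password, challenge)

    # Backend that can return the clear-text password: check succeeds.
    with_cleartext = server_verify(ident, challenge, response, password)

    # Backend that returns no password: the server cannot even try.
    without_password = server_verify(ident, challenge, response, None)

    # A one-way hash of the password is not a substitute for the password.
    # SHA-256 here is only a stand-in for "some stored one-way hash".
    hashed = hashlib.sha256(password).digest()
    with_hash_only = server_verify(ident, challenge, response, hashed)

    return with_cleartext, without_password, with_hash_only


if __name__ == "__main__":
    print(demo())
```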