Issues authenticating vs 2003 AD

Tim P panterafreak at
Wed Aug 17 22:43:19 CEST 2005

Thought it was configured, I beleive I have tested it positive in the
past, I want to use ntlm_auth, I had this in there and had tested it
as far as i know:

        ldap {
                server = ""
                basedn = "dc=company,dc=org"
                filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
                password_attribute = "userPassword"
                identity = "cn=administrator,cn=Users,dc=company,dc=org"
                password = password

Will this not work, if not how to config the ntml?

On 8/17/05, Alan DeKok <aland at> wrote:
> Tim P <panterafreak at> wrote:
> > I am handing off a qurest from pppd to radius and am failing with a
> > valid user in the domain.
>   No.
>   The server is failing because it doesn't have a clear-text password.
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: looking for reply items in directory...
>   The LDAP module doesn't get a clear-text password from AD, so the
> server can't authenticate the user.
> > Any ideas?  Both mschap and chap are enabled in the radiusd.conf
>   AD won't give the server clear-text passwords.  So doing CHAP to AD
> is *impossible*.
>   You CAN use MS-CHAP, but for that you've got to configure ntlm_auth.
>   Remember, AD is *not* and LDAP server.  It just pretends to be one
> sometimes.
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list