Issues authenticating vs 2003 AD
Tim P
panterafreak at gmail.com
Wed Aug 17 22:43:19 CEST 2005
Thought it was configured; I believe I have tested it positive in the
past. I want to use ntlm_auth. I had this in there and had tested it,
as far as I know:
Radius.conf
ldap {
        server = "domcon.company.org"
        basedn = "dc=company,dc=org"
        filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
        password_attribute = "userPassword"
        identity = "cn=administrator,cn=Users,dc=company,dc=org"
        password = password
}
Will this not work? If not, how do I config the ntlm?
On 8/17/05, Alan DeKok <aland at ox.org> wrote:
> Tim P <panterafreak at gmail.com> wrote:
> > I am handing off a request from pppd to radius and am failing with a
> > valid user in the domain.
>
> No.
>
> The server is failing because it doesn't have a clear-text password.
>
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: looking for reply items in directory...
>
> The LDAP module doesn't get a clear-text password from AD, so the
> server can't authenticate the user.
>
> > Any ideas? Both mschap and chap are enabled in the radiusd.conf
>
> AD won't give the server clear-text passwords. So doing CHAP to AD
> is *impossible*.
>
> You CAN use MS-CHAP, but for that you've got to configure ntlm_auth.
>
> Remember, AD is *not* an LDAP server. It just pretends to be one
> sometimes.
>
> Alan DeKok.
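The ntlm_auth setup referred to in the reply above, as an added example that is not part of the original thread: the mschap module in radiusd.conf hands the MS-CHAP challenge and response to Samba's ntlm_auth helper, which asks the domain controller to verify them, so the RADIUS server never needs a clear-text password. The helper path is an assumption, and the host is assumed to be joined to the domain with winbindd running.

```conf
# radiusd.conf, modules section (added example)
mschap {
        # /usr/bin/ntlm_auth is an assumed path; use the location of
        # Samba's ntlm_auth on this host.
        # The expansions pass the user name, the MS-CHAP challenge and
        # the NT response from the request to the helper, which has the
        # domain controller check them via winbindd.
        ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
```

The password check then relies on the machine account created by the domain join rather than on the administrator bind shown in the ldap block.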