Active Directory + LDAP
Stefan Winter
freeradius-users-ml at stefan-winter.de
Mon Jul 11 10:05:36 CEST 2005
Hello,
I am currently configuring a setup where an AD server is used to authenticate
users via password _and_ supplemental attributes.
So far I think I figured out that I need to use mschap {} with ntlm_auth to
verify the password, but would need to use the ldap {} module to get the
checkItems and replyItems I need to do the supplemental checking, and do the
actual checking in the users file. Is that right?
Secondly, I would like to use clear-text passwords in the Access-Request
packets. Would the mschap module figure out things right automagically? As I
see it, it only gets active and sets Auth-Type to MS-CHAP when it sees a
Challenge in the Access-Request. Could this be one of the rare cases where I
have to set Auth-Type manually (to MS-CHAP) get ntlm_auth running?
Greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: stefan.winter at restena.lu tél.: +352 424409-1
http://www.restena.lu fax: +352 422473
More information about the Freeradius-Users
mailing list