Active Directory + LDAP

Stefan Winter freeradius-users-ml at
Mon Jul 11 10:05:36 CEST 2005


I am currently configuring a setup where an AD server is used to authenticate 
users via password _and_ supplemental attributes.
So far I think I figured out that I need to use mschap {} with ntlm_auth to 
verify the password, but would need to use the ldap {} module to get the 
checkItems and replyItems I need to do the supplemental checking, and do the 
actual checking in the users file. Is that right?
Secondly, I would like to use clear-text passwords in the Access-Request 
packets. Would the mschap module figure out things right automagically? As I 
see it, it only gets active and sets Auth-Type to MS-CHAP when it sees a 
Challenge in the Access-Request. Could this be one of the rare cases where I 
have to set Auth-Type manually (to MS-CHAP) get ntlm_auth running?


Stefan Winter


Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingénieur de recherche

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: stefan.winter at     tél.:     +352 424409-1               fax:      +352 422473

More information about the Freeradius-Users mailing list