Active Directory + LDAP

Alan DeKok aland at
Mon Jul 11 18:38:38 CEST 2005

Stefan Winter <freeradius-users-ml at> wrote:
> So far I think I figured out that I need to use mschap {} with ntlm_auth to 
> verify the password, but would need to use the ldap {} module to get the 
> checkItems and replyItems I need to do the supplemental checking, and do the 
> actual checking in the users file. Is that right?


> Secondly, I would like to use clear-text passwords in the Access-Request 
> packets. Would the mschap module figure out things right automagically?

  No.  For that, you can list ldap in the authenticate section.

>  As I see it, it only gets active and sets Auth-Type to MS-CHAP when
> it sees a Challenge in the Access-Request. Could this be one of the
> rare cases where I have to set Auth-Type manually (to MS-CHAP) get
> ntlm_auth running?

  You may set Auth-Type, but don't set it to MSCHAP.  Set it to LDAP.

  Alan DeKok.

More information about the Freeradius-Users mailing list