Active Directory + LDAP
Alan DeKok
aland at ox.org
Mon Jul 11 18:38:38 CEST 2005
Stefan Winter <freeradius-users-ml at stefan-winter.de> wrote:
> So far I think I figured out that I need to use mschap {} with ntlm_auth to
> verify the password, but would need to use the ldap {} module to get the
> checkItems and replyItems I need to do the supplemental checking, and do the
> actual checking in the users file. Is that right?
Yes.
> Secondly, I would like to use clear-text passwords in the Access-Request
> packets. Would the mschap module figure out things right automagically?
No. For that, you can list ldap in the authenticate section.
> As I see it, it only gets active and sets Auth-Type to MS-CHAP when
> it sees a Challenge in the Access-Request. Could this be one of the
> rare cases where I have to set Auth-Type manually (to MS-CHAP) get
> ntlm_auth running?
You may set Auth-Type, but don't set it to MSCHAP. Set it to LDAP.
Alan DeKok.
More information about the Freeradius-Users
mailing list