Active Directory + LDAP

martin.p.bradley at martin.p.bradley at
Wed Jul 13 11:41:49 CEST 2005


Could someone explain why we have to use samba to authenticate against active directory.  Is there any other way to authenticate MS-CHAP attributes against active directory without using samba.

I don't have anything against samba, its just another thing to configure and learn that I could do without learning about.


-----Original Message-----
From: freeradius-users-bounces at [mailto:freeradius-users-bounces at] On Behalf Of Stefan Winter
Sent: 13 July 2005 10:33
To: FreeRadius users mailing list
Subject: Re: Active Directory + LDAP


> > Secondly, I would like to use clear-text passwords in the Access-Request
> > packets. Would the mschap module figure out things right automagically?
>   No.  For that, you can list ldap in the authenticate section.
> >  As I see it, it only gets active and sets Auth-Type to MS-CHAP when
> > it sees a Challenge in the Access-Request. Could this be one of the
> > rare cases where I have to set Auth-Type manually (to MS-CHAP) get
> > ntlm_auth running?
>   You may set Auth-Type, but don't set it to MSCHAP.  Set it to LDAP.

authorize {


authenticate {
       Auth-Type LDAP {

right? Or would the mschap module be completely obsolete in this case? But 
then I don't understand why so many people complain that auth against Active 
Directory doesn't work with the LDAP module?

Startled greetings,

Stefan Winter


Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingénieur de recherche

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: stefan.winter at     tél.:     +352 424409-1               fax:      +352 422473

List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list