Active Directory + LDAP
martin.p.bradley at bt.com
martin.p.bradley at bt.com
Wed Jul 13 11:41:49 CEST 2005
Folks,
Could someone explain why we have to use samba to authenticate against active directory. Is there any other way to authenticate MS-CHAP attributes against active directory without using samba.
I don't have anything against samba, its just another thing to configure and learn that I could do without learning about.
Regards,
Martin
-----Original Message-----
From: freeradius-users-bounces at lists.freeradius.org [mailto:freeradius-users-bounces at lists.freeradius.org] On Behalf Of Stefan Winter
Sent: 13 July 2005 10:33
To: FreeRadius users mailing list
Subject: Re: Active Directory + LDAP
Hello,
> > Secondly, I would like to use clear-text passwords in the Access-Request
> > packets. Would the mschap module figure out things right automagically?
>
> No. For that, you can list ldap in the authenticate section.
>
> > As I see it, it only gets active and sets Auth-Type to MS-CHAP when
> > it sees a Challenge in the Access-Request. Could this be one of the
> > rare cases where I have to set Auth-Type manually (to MS-CHAP) get
> > ntlm_auth running?
>
> You may set Auth-Type, but don't set it to MSCHAP. Set it to LDAP.
authorize {
mschap
ldap
files
}
and
authenticate {
Auth-Type LDAP {
ldap
}
}
right? Or would the mschap module be completely obsolete in this case? But
then I don't understand why so many people complain that auth against Active
Directory doesn't work with the LDAP module?
Startled greetings,
Stefan Winter
--
Stefan WINTER
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingénieur de recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: stefan.winter at restena.lu tél.: +352 424409-1
http://www.restena.lu fax: +352 422473
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list