MS-CHAP, LDAP, ADS
Elizabeth Palomino
liz at unixgrrl.net
Thu Feb 9 19:39:44 CET 2006
Greetings,
I have poked about on google and read several how to's. Is it possible using any authentication module ( rlm_pam,rlm_ldap...) To authenticate a connection from a client using CHAP or MS-CHAP to an Active Directory Server (TM) *cough*.
I can authenticate just fine with cleartext to the radius server using
PAM---Winbind -->ADS
Gives the same error as below
LDAP -->ADS
Error:
User-Password is Required for authentication. Cannot use "CHAP-Password"
Looking at the debug output I see the request with the CHAP-Password. I am now thoroughly confused. I had this working with a mirapoint (LDAP server), Any ideas on getting chap-pap authentication working against an ADS server.
To Summarize:
1) What should the users file contain?
2) Which is a better way to authenticate? ldap,PAM-->Winbind?
3) Can I use the ntlm_auth line with the chap
4) I have read about peap and eap. Perhaps this would work?
5) Is there a good freeradius book you would recommend?
Heck, I'll even volunteer to write a howto on it! (I write heaps of documentation).
What I am trying to avoid is having password transmitted clear text over the network. Is there perhaps a better Solution?
Thanks!
More information about the Freeradius-Users
mailing list