MS-CHAP, LDAP, ADS
Alan DeKok
aland at ox.org
Thu Feb 9 23:28:48 CET 2006
"Elizabeth Palomino" <liz at unixgrrl.net> wrote:
> I have poked about on google and read several how to's. Is it
> possible using any authentication module ( rlm_pam,rlm_ldap...) To
> authenticate a connection from a client using CHAP or MS-CHAP to an
> Active Directory Server (TM) *cough*.
MS-CHAP yes, CHAP no.
> LDAP -->ADS
> Error:
> User-Password is Required for authentication. Cannot use "CHAP-Password"
It's impossible. See ntlm_auth in radiusd.conf for how to do
MS-CHAP to AD.
> 2) Which is a better way to authenticate? ldap,PAM-->Winbind?
I would suggest not using PAM.
> 3) Can I use the ntlm_auth line with the chap
No.
> 4) I have read about peap and eap. Perhaps this would work?
No.
> What I am trying to avoid is having password transmitted clear text
> over the network. Is there perhaps a better Solution?
RADIUS doesn't send the password in clear text over the network.
Alan DeKok.
More information about the Freeradius-Users
mailing list