Authenticating CHAP-Password to Pam (Kerberos 5 to AD)

Patrick Bartkus patrckb at gmail.com
Fri Jan 27 12:59:09 CET 2006


Please tell me someone has fixed this problem.

I'm trying to authenticate an Ascend MAX dial-up server back to Windows
Active Directory.

I am using a local unix group for authorization.

I have Pam set up on my system and it uses Kerberos 5 to authenticate to AD
just fine.

But I'm getting:
auth: type "PAM"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_pam: Attribute "User-Password" is required for authentication.  Cannot
use "CHAP-Password".
  modcall[authenticate]: module "pam" returns invalid for request 0

I did some checking and found this posting from 2003 basically saying it
can't be done:
http://www.mail-archive.com/freeradius-users@lists.cistron.nl/msg19439.html

I do have other options other than the Windows Domain authentication, but I
was not wanting to pursue them unless I had to.

Has this been solved or am I SOL?

Patrick
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060127/c6715aec/attachment.html>


More information about the Freeradius-Users mailing list