Authenticating CHAP-Password to Pam (Kerberos 5 to AD)
Phil Mayers
p.mayers at imperial.ac.uk
Fri Jan 27 16:18:59 CET 2006
Patrick Bartkus wrote:
> Please tell me someone has fixed this problem.
>
> I'm trying to authenticate an Ascend MAX dial-up server back to Windows
> Active Directory.
>
> I am using a local unix group for authorization.
>
> I have Pam set up on my system and it uses Kerberos 5 to authenticate to
> AD just fine.
>
> But I'm getting:
> auth: type "PAM"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
> rlm_pam: Attribute "User-Password" is required for authentication.
> Cannot use "CHAP-Password".
> modcall[authenticate]: module "pam" returns invalid for request 0
>
> I did some checking and found this posting from 2003 basically saying it
> can't be done:
> http://www.mail-archive.com/freeradius-users@lists.cistron.nl/msg19439.html
>
> I do have other options other than the Windows Domain authentication,
> but I was not wanting to pursue them unless I had to.
>
> Has this been solved or am I SOL?
It is not a code bug. It is a fundamental feature of the algorithm. It
*cannot* be solved. You are, as you put it, SOL.
More information about the Freeradius-Users
mailing list