CHAP and Windows 2003 AD LDAP
Luke
freeradius at luke.bpa.nu
Thu Jul 6 16:57:01 CEST 2006
Alan DeKok wrote:
>Luke <freeradius at luke.bpa.nu> wrote:
>
>
>>Unfortunately I need to support CHAP because it is used by an external
>>global Dial-Up provider which the freeradius machine is authenticating for.
>>
>>
> If the passwords are in AD your ONLY choice is to use IAS, and even
>then, only if ALL of the passwords are stored via what they call
>"using reversible encryption".
>
>
Thanks Alan - looks like it is not possible (we do not want to use IAS
and store passwords using reversible encryption - which would also mean
resetting every user's password).
I'm going to need to talk to our global dial-up provider to see if they
can send the radius request using anything other than CHAP if possible.
Thanks again,
Luke
More information about the Freeradius-Users
mailing list