PEAP MSCHAP2 Freeradius Active Directory

Alan DeKok aland at
Wed Jun 28 23:01:54 CEST 2006

"Neal S. Garber" <neal at> wrote:
> The doc. states that LDAP only supports PAP.  Is this a problem given he 
> said he's using PEAP/MSCHAPv2?  How would LDAP do the authentication if it 
> doesn't have a clear text password?  Or is the approach to use MSCHAPv2 for 
> authentication and then LDAP for authorization??

  Answers are no, it doesn't, and yes.

  AD is fine for LDAP lookups, so long as you don't need the password.
So LDAP group checking works.

  Alan DeKok.

More information about the Freeradius-Users mailing list