Auth Against AD without CHAP/PEAP
Phil Mayers
p.mayers at imperial.ac.uk
Fri Jan 12 00:29:13 CET 2007
Tim_Crouch at uttyler.edu wrote:
> Is it possible to use freeradius to authenticate against Active Directory
> without using CHAP or PEAP? I have found directions to do this with
> supplicants using peap etc. but I don't want to use supplicants. I am
> currently using freeradius to auth against LDAP with out a problem (for my
> wireless network). I have made changes in radiusd.conf (basically
> replacing my LDAP entries with the corresponding AD entry) to try to auth
> agains AD, but it does not look as if it can read the password. Is anyone
> else doing this? And if so, how?
No. AD doesn't give you the password.
The only things you can do are:
1) authenticate PAP request by doing an LDAP simple bind against AD.
2) use the "ntlm_auth" helper of the "mschap" module with Samba joined
into the domain
More information about the Freeradius-Users
mailing list