cleartext passwords against Active Directory
Alan DeKok
aland at deployingradius.com
Wed Sep 24 12:02:49 CEST 2008
Leese, MJ (Mark) wrote:
> I need to authenticate employees at my lab onto our wireless network
> using a Captive Portal and our corporate database (Active Directory).
> The Access-Request from the Captive Portal contains a cleartext password
> but our Active Directory does not store cleartext passwords. Can someone
> please tell me what options I have? Is it possible to use rlm_krb, for
> example?
That can be done, but I wouldn't suggest it. Just use LDAP "bind as
user". It should work.
> Someone suggested I could authenticate the user with an LDAP bind, but I
> don't see how this would work.
It works. FreeRADIUS supplies the clear-text password to AD, and it
returns "Ok/fail".
> I'm running FreeRADIUS 1.1.4 but I can update to a newer version any
> time.
For this, you shouldn't need to upgrade. But it's still likely not a
bad idea.
Alan DeKok.
More information about the Freeradius-Users
mailing list