Authentication with Active Directory with CHAP Passwords
Alan DeKok
aland at deployingradius.com
Sat Aug 15 08:21:15 CEST 2009
Luiz Gustavo de Villa Scandelari wrote:
> I would like to receive some help on authentication with AD using CHAP
> Passwords.
http://deployingradius.com/documents/protocols/compatibility.html
It's impossible. Use a real LDAP server.
> I suppose that happens because I cannot read the AD user password,
> right?
Yes.
> The important is that works with LDAP authentication.
No. It works with *clear-text password* authentication.
> The problem
> is that I have a system that sends Access-Requests with Username and
> CHAP-Passwords (CoovaChilli), so radius authorize the user but cannot
> authenticate it.
Then fix it to send User-Password.
>
>
> I´ve already read the Allan´s webpage
> (http://deployingradius.com/documents/configuration/active_directory.html)
> about integration of AD and RADIUS but I still have some questions. Can
> I use CHAP with SAMBA ntlm_auth method
The web page lists what's possible. Using Samba won't help.
> or should i need to change the
> password encryption to another protocol such as PAP or MS-CHAP? If I
> modify the coovachilli to send PAP passwords, am I going to be able to
> use ldap for authorization and authentication or do I need just plain?
You will be able to use LDAP is Chilli sends PAP requests.
Alan DeKok.
More information about the Freeradius-Users
mailing list