FW: MS AD / OpenLDAP with PAP - is it really not possible ?

Alan DeKok aland at deployingradius.com
Thu May 20 19:19:40 CEST 2010


Pawel Cieplinski wrote:
> I have got application that allow only to authenticate using PAP method. My Goal would bo to use Active Directory as a abckend User Database, but I found that: 

  It should work.

> "Once the PAP authentication test has been successful, the next step for sites using Active Directory is to configure the system to perform user authentication against Active Directory. The clear-text passwords are unavailable through Active Directory, so we have to use Samba"
> 
> Is it true ?

  <sigh> *IF* you're trying to configure EAP.  That is one step out of
many.  It tests that AD integration works before going on to the next step.

> The same page describing to use ntlm_auth instead, But I cannot found how to pass attributes from LDAP Database using ntlm_auth to Radius Client.
> 
> Is it possible to reply attributes from LDAP using ntlm_auth ?

  No.

  For PAP, configure AD as an LDAP server.

  Alan DeKok.



More information about the Freeradius-Users mailing list