Alan DeKok aland at deployingradius.com
Fri Nov 11 09:23:05 CET 2011

Gary Gatten wrote:
> I agree with Jake, in that I *think* it would be possible to have a plugin or whatever interface with LDAP/AD in the same manner ntlm_auth does.

  It's possible to have a plugin, but there is no benefit.  FreeRADIUS
already has an LDAP plugin.

  The *only* reason for ntlm_auth is that Microsoft doesn't expose the
NT-Password over LDAP.

>  I don't think one *needs* a cleartext password, but does need some way to compare apples-to-apples.  That said, I don't know the inner workings of all the auth protocols involved here so I could be way off.  Something tells me if it were easy/possible, Mr. DeKok would have likely written the plugin by now.


  This hasn't changed in 15 years.

  Alan DeKok.

More information about the Freeradius-Users mailing list