LDAP/MSCHAP
Alan DeKok
aland at deployingradius.com
Fri Nov 11 09:23:05 CET 2011
Gary Gatten wrote:
> I agree with Jake, in that I *think* it would be possible to have a plugin or whatever interface with LDAP/AD in the same manner ntlm_auth does.
It's possible to have a plugin, but there is no benefit. FreeRADIUS
already has an LDAP plugin.
The *only* reason for ntlm_auth is that Microsoft doesn't expose the
NT-Password over LDAP.
> I don't think one *needs* a cleartext password, but does need some way to compare apples-to-apples. That said, I don't know the inner workings of all the auth protocols involved here so I could be way off. Something tells me if it were easy/possible, Mr. DeKok would have likely written the plugin by now.
http://deployingradius.com/documents/protocols/compatibility.html
This hasn't changed in 15 years.
Alan DeKok.
More information about the Freeradius-Users
mailing list