FreeRadius unable to read password from LDAP query to win2008 AD

Alan DeKok aland at
Thu May 17 23:36:25 CEST 2012

sonyisda1 wrote:
>>From the Connection Attempt file, the request comes in with CHAP-Challenge
> and CHAP-Password.  That is why CHAP is being chosen as the authentication
> method.  
> Basically the user is being authorized through LDAP but LDAP does not do
> authentication so what do you recommend for authentication then?


  It's an authentication server.

  LDAP is a database.

  But... this means storing passwords in a form which can be used by the
authentication server.  Or, it means using an authentication protocol
(e.g. MS-CHAP) which is compatible with the database.

  Don't blame us.  Blame Microsoft for making a database which contains
data it won't return in queries.

  Alan DeKok.

More information about the Freeradius-Users mailing list