SSH Logins to Cisco Switch. RADIUS/Active Directory

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Jan 28 12:57:16 CET 2014


On 28 Jan 2014, at 11:35, Luke Ramsden <lukermsdn at gmail.com> wrote:

> I have experimented with using LDAP bind before and encountered problems (see link below). One of the responses on the thread said I must use MSCHAPv2 if I do not have plaintext passwords in AD - which I do not:
> 
>          "Unless you are storing passwords in Active Directory in plain text or you want to use Kerberos authentication, you will have to use MSCHAPv2 (or its EAP equivalent, EAP-MSCHAPv2)."
> 
> Previous thread relating to LDAP auth: http://freeradius.1045715.n5.nabble.com/LDAP-Active-Directory-Authentication-Issue-td5724001.html#a5724014

Stefan's answer was slightly misleading.

If you have the Cleartext-Password from the user you can attempt to bind as the user against the AD LDAP interface and use the bind result to determine whether to reject or allow the user.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
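The bind-as-the-user approach described in the reply above, shown as an added FreeRADIUS configuration example (not from the original message or the FreeRADIUS project files). It assumes FreeRADIUS 3.x, an rlm_ldap instance named `ldap` pointed at an AD domain controller, and that the switch sends PAP, so the user's password arrives in the RADIUS request as a cleartext `User-Password`; the hostname, service-account DN and base DN are placeholders:

```unlang
# Added example, not part of the original post. Assumes FreeRADIUS 3.x, an
# ldap module instance named "ldap", and a switch configured for PAP so that
# User-Password is present in clear text in the Access-Request.

# mods-enabled/ldap (relevant settings only; values are placeholders)
ldap {
    server   = 'dc1.example.local'
    identity = 'CN=radius-svc,OU=Service Accounts,DC=example,DC=local'
    password = 'PLACEHOLDER'
    base_dn  = 'DC=example,DC=local'

    user {
        base_dn = "${..base_dn}"
        # AD users are located by sAMAccountName, not uid
        filter  = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
    }

    # No password attribute is read from AD (AD never exposes one);
    # the bind itself is the password check.
}

# sites-enabled/default
authorize {
    # ... other modules unchanged ...

    # Look the user up in AD. If the lookup succeeded, the request carries a
    # cleartext password, and nothing else has set Auth-Type, authenticate by
    # binding to AD as that user.
    ldap
    if ((ok || updated) && User-Password) {
        update {
            control:Auth-Type := ldap
        }
    }
}

authenticate {
    # ... other Auth-Types unchanged ...

    # rlm_ldap binds with the DN found in authorize and the supplied
    # User-Password: a successful bind returns ok, a failed bind returns reject.
    Auth-Type LDAP {
        ldap
    }
}
```

The `if ((ok || updated) && User-Password)` guard is what ties this to the reply's precondition: the bind path is only usable when the cleartext password reaches the server. If the switch is configured for CHAP or MS-CHAP instead of PAP, no cleartext password is present, `User-Password` is absent, and this block is skipped, which is the case the MSCHAPv2 remark in the quoted thread refers to.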

