MikroTik VPN + HotSpot
Alan DeKok
aland at deployingradius.com
Wed Feb 12 15:02:53 UTC 2025
On Feb 12, 2025, at 9:59 AM, Adnan RIHAN <axel50397 at gmail.com> wrote:
> OK. LDAP is better.
>
> In that case, as Freeradius and Samba-AD are on the same machine, wouldn't it be possible to also use LDAP for mschap?
No. Or at least, "no for Active Directory". If it was possible, we would be recommending it.
If you're running OpenLDAP, FreeRADIUS can get the password from LDAP, and then do the MS-CHAP stuff itself. In contrast, Active Directory won't return the password via an LDAP query. so we're stuck with ntlm_auth.
> Do you have a guide to configure LDAP for PAP in Freeradius please?
The server comes with substantial documentation. Try reading mods-available/ldap
Alan DeKok.
More information about the Freeradius-Users
mailing list