Dear 3APA3A, >> Is there any way to retrieve LDAP-stored passwords (i.e. in a >> W2k-domain controller) and use them in MS-CHAP >> authentication/authorization?
KK> In general, yes. There is support for LM-Password and NT-Password in the KK> ldap.attrmap file, so you should probably be ok. Just make sure they map to the KK> correct ldap attributes and read doc/rlm_mschap. 3APA3A> These attributes are for SAMBA LDAP. Win2K AD doesn't store hashes in 3APA3A> LDAP, at least as lmPassword/ntPassword. I guess thats the reason why my attempts to use LDAP and MS-CHAP in combination have failed. (Believe me, I read the doc-files more than once). Do you know whether there is a possibility to retrieve the W2k-passwords via ldap at all? Or is that another case of MS-special solution? Regards, Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html