Proxy to IAS will work too. Ron.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, January 05, 2005 10:24 AM To: freeradius-users@lists.freeradius.org Subject: Re: Confirmation of LDAP/CHAP and AD Okay. Thanks. Now my next question is would storing the CHAP passwords in AD using reversible encryption help (I would guess not, since your other posts seem to indicate the problem being that AD will not even give the RADIUS server the password to manipulate). Also, would using NTLM_AUTH be a possible solution? If not, then proxy RADIUS to an IAS server seems to be the only possible solution. Thanks, Mark Capelle >[EMAIL PROTECTED] wrote: >> I have FreeRADIUS doing password auth against AD via LDAP. I have a switch >> that allows port based security, but uses CHAP passwords. From my >> understanding, you can do this if the LDAP database has the passwords >> stored as clear-text passwords. You cannot do this with Active Directory >> since it does not store the passwords in clear-text. > > Exactly. > > Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
