You need to check the archives. But I'll answer anyway.

Here's an explanation from one of Novell's forums. It's talking about
Novell's eDirectory, but would apply to any other LDAP server.

<quote>
You are correct that the FreeRADIUS LDAP module cannot authenticate a
MS-CHAP password against eDirectory. This is because the RADIUS server
receives only a hash of the password from the client. To verify the
password, the server must look up a clear-text version of the password,
then compute a hash using the clear-text password with a nonce provided
in the access-request packet. If the server-generated hash matches the
hash provided by the client, then authentication is accepted.
<unquote>

The password is not sent, therefore is not available to the RADIUS
server to use for a bind against the LDAP server.


Mearl


>>> [EMAIL PROTECTED] 02/03 11:53 AM >>>
Thanks for the fast answer! 
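
A simplified model of the point made in the reply above, added here as an example and not code from FreeRADIUS or from this thread. HMAC-SHA256 stands in for the real MS-CHAP hash, and `ldap_bind`, the directory contents and every other name are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed directory: the LDAP server keeps only a salted hash and
# offers a bind operation that needs the clear-text password.
_SALT = b"constructed-salt"
_LDAP_STORE = {"alice": hashlib.sha256(_SALT + b"s3cret").digest()}


def ldap_bind(user, password):
    """Hypothetical stand-in for an LDAP simple bind."""
    stored = _LDAP_STORE.get(user)
    candidate = hashlib.sha256(_SALT + password.encode()).digest()
    return stored is not None and hmac.compare_digest(stored, candidate)


def client_response(password, nonce):
    """What the client sends: a hash over nonce and password
    (HMAC-SHA256 is a stand-in for the MS-CHAP computation)."""
    return hmac.new(password.encode(), nonce, hashlib.sha256).digest()


def verify_with_cleartext(cleartext, nonce, response):
    """Server side as the quote describes: recompute the hash from a
    looked-up clear-text password and compare."""
    return hmac.compare_digest(client_response(cleartext, nonce), response)


def verify_with_bind(user, nonce, response):
    """Bind-only server: the request carries no password, so the only
    values it could hand to the bind are the ones it received."""
    return any(ldap_bind(user, v.hex()) for v in (nonce, response))


def demo():
    nonce = os.urandom(16)
    response = client_response("s3cret", nonce)  # goes in the request
    return {
        # Password itself was sent, so a bind can check it.
        "password_sent_bind": ldap_bind("alice", "s3cret"),
        "challenge_with_cleartext": verify_with_cleartext("s3cret", nonce, response),
        "challenge_with_bind_only": verify_with_bind("alice", nonce, response),
    }


if __name__ == "__main__":
    print(demo())
```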
 
 
