Hi Stefan,
We probably need a freeradius-eduroam list :-)
Is it possible to authenticate PAP credentials from the NAS against a
Windows domain using NTLM? I've tried using the mschap module, but it
expects to see a Challenge that the NAS doesn't provide.
If you want to authenticate against AD and have PAP credentials available,
just treat the AD server like an LDAP server, i.e.: the ldap {} section is
for you. It will use the credentials to bind as the user to AD, and if that
succeeds the user is allowed in.
I didn't realise that AD allowed authenticated binds from users by
default. Does it require some special tweaking? Our AD admin are *very*
cautious about who talks to it... (probably very sensible).
best regards, josh.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
