>
>  You can configure AD as an LDAP server, and then do LDAP group checks.
> See the LDAP documentation for examples.
>
>  Alan DeKok.

I think the documentation is saying that LDAP can't be used with EAP. Is
that what it's really saying? It's a little unclear since it says "The
solution is to use the default configuration, which does work."

#  However, LDAP can be used for authentication ONLY when the
#  Access-Request packet contains a clear-text User-Password
#  attribute.  LDAP authentication will NOT work for any other
#  authentication method.
#
#  This means that LDAP servers don't understand EAP.  If you
#  force "Auth-Type = LDAP", and then send the server a
#  request containing EAP authentication, then authentication
#  WILL NOT WORK.
#
#  The solution is to use the default configuration, which does
#  work.
#
#  Setting "Auth-Type = LDAP" is ALMOST ALWAYS WRONG.  We
#  really can't emphasize this enough.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
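
A check for the forced setting the quoted comment warns about, as an added example that is not part of the original message or of the FreeRADIUS project. It scans configuration text for lines that set Auth-Type to LDAP and ignores comments and `==` comparisons. The function names and the sample configuration are constructed for illustration.

```python
import re

# Flags "Auth-Type = LDAP" and "Auth-Type := LDAP" (any case, optional quotes).
# "==" is a comparison, not an assignment, so it is deliberately not matched.
FORCED = re.compile(r'(?<![\w-])Auth-Type\s*(?::=|=)\s*"?ldap"?(?![\w-])',
                    re.IGNORECASE)

def strip_comment(line):
    """Drop a trailing # comment, ignoring '#' inside double quotes."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == '#' and not in_quote:
            return line[:i]
    return line

def find_forced_ldap(text):
    """Return (line_number, code) for each line that sets Auth-Type to LDAP."""
    hits = []
    for n, raw in enumerate(text.splitlines(), 1):
        code = strip_comment(raw)
        if FORCED.search(code):
            hits.append((n, code.strip()))
    return hits

# Constructed sample: line 1 is the shipped warning comment and must not be
# flagged; lines 2 and 7 force LDAP authentication and should be.
SAMPLE = """\
#  Setting "Auth-Type = LDAP" is ALMOST ALWAYS WRONG.
DEFAULT Auth-Type := LDAP
authorize {
    ldap
    if (LDAP-Group == "vpn-users") {
        update control {
            Auth-Type := ldap   # forced for every request
        }
    }
}
"""

if __name__ == "__main__":
    for lineno, code in find_forced_ldap(SAMPLE):
        print(f"line {lineno}: {code}")
```
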
