sonyisda1 <e...@tpri.com> wrote:

>Using FreeRadius on Ubuntu 12.04
>FreeRadius is communicating with Windows 2008 R2 Active Directory server.
>I have MS-CHAP authentication working fine.  This is used for VPN.
>
>I am setting up LDAP authorization and CHAP authentication.  This will be
>used for router login.  The router has the radius configuration pointing to
>FreeRadius box.
>
>From the logs, the LDAP authorization appears to bind correctly but is
>unable to retrieve a clear password for the user account and thus user
>cannot be authenticated with CHAP.

Active Directory does not *have* plaintext passwords. Even the ones it does
have (NT hash) cannot be read out via LDAP or any other method (short of
rooting the box).

Therefore, CHAP against AD LDAP is impossible. See the protocol compatibility
guide on deployingradius.com.
-- 
Sent from my phone. Please excuse brevity and typos.
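
Why the lookup described above cannot succeed, as an added example that is not part of the original post or of FreeRADIUS: the CHAP response is MD5 over the identifier, the cleartext secret and the challenge (RFC 1994), so a server holding only a one-way hash of the password cannot recompute it. The password, identifier and challenge are constructed sample values, and `NT_HASH` is the MD4 of UTF-16LE "password", standing in for what AD stores.

```python
import hashlib
import hmac

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def verify_chap(chap_password: bytes, challenge: bytes, stored: bytes) -> bool:
    """Verify a RADIUS CHAP-Password value (RFC 2865): one byte of CHAP
    identifier followed by the 16-byte response. `stored` is whatever the
    server was able to retrieve for the user."""
    if len(chap_password) != 17:
        return False
    ident, response = chap_password[0], chap_password[1:]
    expected = chap_response(ident, stored, challenge)
    return hmac.compare_digest(expected, response)

# Constructed sample data (not taken from the thread).
PASSWORD = b"password"
NT_HASH = bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c")
CHALLENGE = bytes(range(16))   # fixed so the run is reproducible
IDENT = 7

def demo() -> dict:
    # What the client sends: it knows the cleartext password.
    attr = bytes([IDENT]) + chap_response(IDENT, PASSWORD, CHALLENGE)
    return {
        # Server that can look up the cleartext password: succeeds.
        "cleartext_store": verify_chap(attr, CHALLENGE, PASSWORD),
        # Server that could only ever obtain the NT hash: fails, because
        # the hash is not the secret the client fed into MD5.
        "nt_hash_store": verify_chap(attr, CHALLENGE, NT_HASH),
        # Hex-encoding the hash does not help either.
        "nt_hash_hex_store": verify_chap(attr, CHALLENGE, NT_HASH.hex().encode()),
    }

if __name__ == "__main__":
    for store, ok in demo().items():
        print(f"{store}: {'Access-Accept' if ok else 'Access-Reject'}")
```
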