[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Re : Active Directory Integration
From:       "Ivan Kalik" <tnt () kalik ! net>
Date:       2008-06-30 13:16:42
Message-ID: GVFoPMoJ.1214831802.2705860.tnt () kalik ! co ! yu
[Download RAW message or body]

>Because in my database for the User-Name, I have the following
>
>mysql> select * from radcheck ;
>+----+----------------------------------------+-----------+----+---------+
>| id | UserName                          | Attribute | op | Value   |
>+----+----------------------------------------+-----------+----+---------+
>| 10 | TOTO@MYDOMAIN            | Auth-Type | := | MS-CHAP |
>+----+----------------------------------------+-----------+----+---------+
>1 row in set (0.00 sec)

Delete that. You can't make a request into mschap by pretending it is
one.

>
>So what I have to do ?
>

Well, what do you want to do? You have created AD integration for mschap
requests via ntlm_auth. That's mainly used for wireless clients that
use PEAP. It's not going to be of great use if your clients are going
to be sending pap requests.

For those you can use (already created) ldap configuration. Retrieve
passwords from AD as NT-Password and (freeradius) pap module will
authenticate them. mschap requests will work with this too.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]