"Hugo Sousa" <[EMAIL PROTECTED]> wrote:
> But if the domain controller uses LDAP, why do we have to use LDAP and after
> that ntlm_auth ??? 

  Because Active Directory isn't LDAP in the same way that other LDAP
servers are LDAP.

  You can't get NT-Passwords from AD; you can get them from other LDAP
servers.  Therefore, you can't get FreeRADIUS to compare a known good
password to the password in the Access-Request, you've got to use
something else.

  In this case, NT domain authentication does MS-CHAP, so FreeRADIUS
can use ntlm_auth to do MS-CHAP to the NT domain, and thus
authenticate the user.

  Alan DeKok.
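
The two cases described in the reply above, as an added configuration sketch that is not part of the original message. It assumes FreeRADIUS 3.x module syntax, a Samba-schema directory that stores the hash in `sambaNTPassword`, and a placeholder path to `ntlm_auth`; adjust all three for the actual deployment.

```text
# Case 1: an LDAP server that exposes the NT hash (assumed: Samba schema).
# The ldap module copies the hash into the control list, and the mschap
# module compares it locally with the MS-CHAP response in the Access-Request.
ldap {
    update {
        control:NT-Password := 'sambaNTPassword'
    }
}

# Case 2: Active Directory, which does not hand out the NT hash.
# FreeRADIUS cannot do the comparison itself, so the mschap module passes
# the MS-CHAP challenge and response to ntlm_auth (Samba/winbind), and the
# domain controller performs the check.
# /path/to/ntlm_auth is a placeholder for the installed binary.
mschap {
    ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
}
```

In case 2 the RADIUS server never holds the user's hash; it must be joined to the domain through winbind so that `ntlm_auth` can reach a domain controller.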

