Norman Elton <[EMAIL PROTECTED]> wrote: > Can FreeRadius extract the password out of the MS-CHAP-v2 request, > and use it to bind against LDAP over SSL?
No. MS-CHAPv2 is designed to make that impossible. > I would much rather not have to tackle Kerberos, as it looks much > more complicated. If you can't obtain the clear-text (or NT) password from LDAP, then what youy're trying to do is impossible. MS-CHAP is designed to make it impossible to get the clear-text password from the MS-CHAP data. Kerberos is designed to never give the password to the application. FreeRADIUS sits in the middle, and gets locked out by both ends. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
