I have been at this for awhile now, so I thought I would share a summary of what I have figured out so far for anyone else that decides to try this.
1 - Documentation for this particular configuration is either out of date / incomplete / both. There are no howtos that will get from start to end (if you do know of one or wrote one yourself please share - I will myself when I figure it all out). 2 - Most the trouble is due to the fact we are making a linux service talk to a windows service (AD LDAP). Freeradius talking to the linux passwd file is a breeze by comprassion. 3 - Windows 2003 LDAP implementation will not provide a password when a user/ service preforms a ldap search, the proper way If I understand correctly is to supply plain text username / password then freeradius preforms a bind with the provided credentials against your ADS server, success means the password was correct. 4 - Installing "Services For Unix" on 2003 will make AD LDAP provide a password hash attribute among other unix LDAP attributes. The user has have posix enabled. 5 - Anonymous searchs can be preformed on 2003 AD LDAP if you set dSHeuristics to 0000002 using adsiedit.msc. 6 - Microsofts LDAP is different to Novells (big surprise) and so unfortunately their documentation isnt to helpfull as a reference for people trying to use ADS in the same fashion. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html