more "mention Active Directory by name"

author Alan T. DeKok <aland@freeradius.org>

Wed, 1 Jun 2022 10:48:21 +0000 (06:48 -0400)

committer Alan T. DeKok <aland@freeradius.org>

Mon, 29 Aug 2022 19:35:14 +0000 (15:35 -0400)
author Alan T. DeKok <aland@freeradius.org>
Wed, 1 Jun 2022 10:48:21 +0000 (06:48 -0400)
committer Alan T. DeKok <aland@freeradius.org>
Mon, 29 Aug 2022 19:35:14 +0000 (15:35 -0400)
diff --git a/raddb/sites-available/default b/raddb/sites-available/default

index 1926b7cd6e381cebfb809c7e89f8db0808124625..a4ac9c77a884679e29be8cd3e2dd7315016c53e5 100644 (file)
--- a/raddb/sites-available/default
+++ b/raddb/sites-available/default
@@ -437,6 +437,18 @@ authorize {
         #  The ldap module reads passwords from the LDAP database.
         -ldap
  
+       #
+       #  If you're using Active Directory and PAP, then uncomment
+       #  the following lines, and the "Auth-Type LDAP" section below.
+       #
+       #  This will let you do PAP authentication to AD.
+       #
+#      if ((ok || updated) && User-Password && !control:Auth-Type) {
+#              update {
+#                      control:Auth-Type := ldap
+#              }
+#      }
+
         #
         #  Enforce daily limits on time spent logged in.
  #      daily
@@ -563,6 +575,9 @@ authenticate {
         #  authentication server, and knows what to do with authentication.
         #  LDAP servers do not.
         #
+       #  However, it is necessary for Active Directory, because
+       #  Active Directory won't give the passwords to FreeRADIUS.
+       #
  #      Auth-Type LDAP {
  #              ldap
  #      }
author	Alan T. DeKok <aland@freeradius.org>
	Wed, 1 Jun 2022 10:48:21 +0000 (06:48 -0400)
committer	Alan T. DeKok <aland@freeradius.org>
	Mon, 29 Aug 2022 19:35:14 +0000 (15:35 -0400)