From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 1 Jun 2022 10:48:21 +0000 (-0400)
Subject: more "mention Active Directory by name"
X-Git-Tag: release_3_0_26~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d39a456a6b418775354bb2d7e3f4ee83e0da543f;p=thirdparty%2Ffreeradius-server.git

more "mention Active Directory by name"
---

diff --git a/raddb/sites-available/default b/raddb/sites-available/default
index 1926b7cd6e..a4ac9c77a8 100644
--- a/raddb/sites-available/default
+++ b/raddb/sites-available/default
@@ -437,6 +437,18 @@ authorize {
 	#  The ldap module reads passwords from the LDAP database.
 	-ldap
 
+	#
+	#  If you're using Active Directory and PAP, then uncomment
+	#  the following lines, and the "Auth-Type LDAP" section below.
+	#
+	#  This will let you do PAP authentication to AD.
+	#
+#	if ((ok || updated) && User-Password && !control:Auth-Type) {
+#		update {
+#			control:Auth-Type := ldap
+#		}
+#	}
+
 	#
 	#  Enforce daily limits on time spent logged in.
 #	daily
@@ -563,6 +575,9 @@ authenticate {
 	#  authentication server, and knows what to do with authentication.
 	#  LDAP servers do not.
 	#
+	#  However, it is necessary for Active Directory, because
+	#  Active Directory won't give the passwords to FreeRADIUS.
+	#
 #	Auth-Type LDAP {
 #		ldap
 #	}