Q: I am setting up Internal 802.1x authentication on the BSC. I want to authenticate directly against Microsoft Active Directory so I do not have to install Microsoft's Radius component (IAS or NPS). What is the LDAP Password Attribute Name for Microsoft Active Directory?
A: Internal 802.1x can authenticate a user directly against an LDAP server if the LDAP server has a readable attribute containing the MD4 hash of the users password. For example Open LDAP has an "ntpassword" attribute that is readable and contains the MD4 hash of the user's password. Microsoft Active Directory however does NOT have a readable attribute containing the MD4 hash of the user's password and therefore authenticating directly against MS AD is NOT supported. Use IAS or NPS with MS AD.