Accepted Solutions
I am not sure ,where you read that LDAP and these protocols are not supported ??
I am not tested this but i think it might work just you must create a New Identity Source Sequence
Where you will use AD and LDAP_AD
And use it in authorization policy . In authentication use protocols that you need for your deployment.
And i saw one more thing https://bst.cloudapps.cisco.com/bugsearch/bug/CSCul55352/?rfs=iqvred
The way I understand it, it's a technical limitation of how the passwords are stored in the LDAP "database".
You can perform ASCII/PAP authentication to an LDAP directory (because the password that is sent in the auth request is simply a string comparison with the plain text password stored in the LDAP directory). But you cannot perform CHAP etc because there is neither a simple password sent by the client, nor is there a simple password stored on the external directory. E.g. in AD, the client and server perform a handshake protocol, hence the name Challenge-Handshake Authentication Protocol (I don't completely understand it - google it) and this is where the complexity comes in.
Have a read of this too
Deploying RADIUS: Protocol and Password Compatibility
If you want the real gory details (actually an excellent explanation by a somewhat militant sounding Alan de Kok (FreeRadius dev) then check this out Users - Chap auhtentication against LDAP
Having said that, Aruba Clearpass appears to support this. LDAP Authentication Source Configuration - so maybe the technical argument is an old one.
It's confusing for sure 
