Yes, ad_client uses LDAP. There are several choices for how to
authenticate (mine is using SSPI) and you can choose to encrypt (LDAPS)
or not, but it's definitely still AD over LDAP. I think that's actually
at the heart of the issue: ad_client is an ...
Just ran into this today after upgrading from 7.2.9 to 7.2.10, using Duo
Auth Proxy as the RADIUS server. One effective workaround for this that
I worked out is to switch from using ad_client as the authentication
source for Duo, to using radius_clie...
