Jack J <[EMAIL PROTECTED]> wrote: > If one has Supplicant (client) configured for > EAP-PEAP w/ MS-CHAPv2 and on FreeRADIUS (or any > other RADIUS server) configured to terminate PEAP > w/MS_CHAPv2, but user profiles are stored on > Active Directory. > > Does FreeRADIUS support this ?
Yes, but AD doesn't. AD won't let FreeRADIUS get clear-text passwords from it. Other LDAP servers don't have this limitation. > If userprofile is on LDAP I think it would work since > LDAP bind/search would return userPassword attribute, > where as AD does not. Thus CHAP cannnot be done in AD > case. Is this true ? Currently, yes. > Currently EAP-PEAP w/ MS-CHAPv2 termination works on > some commercial FreeRADIUS servers There are no commercial FreeRADIUS servers. Other, Windows servers can do this, because they're running on Windows. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html