Quoting Alan DeKok <[EMAIL PROTECTED]>:

>   Something other than EAP-MD5.
>
>   LEAP should work.
>
>   As an alternative, you could try storing NT passwords.  That will
> allow LEAP & MS-CHAP to work.
>

Okay, I'm not really into Win stuff... ntPassword fields seem crypted since I
can't "read" them with my eyes, but I think it's just a hash or something.
Isn't it the regular way to store NT passwords?

Anyway, here is my ldap section in radiusd.conf:

    ldap {
        server = "192.168.1.6"
        basedn = "ou=Users,dc=mtp,dc=epsi,dc=fr"
        filter = "(&(objectclass=posixAccount)(uid=%u))"
        start_tls = no
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        password_attribute = ntPassword  #<--- I changed this one just to try it out, it was originally userPassword
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }

And here are my slapd access rules:

    access to dn=".*,dc=mtp,dc=epsi,dc=fr" attr=userPassword
        by dn="cn=root,dc=mtp,dc=epsi,dc=fr" write
        by self write
        by * auth

    access to dn=".*,dc=mtp,dc=epsi,dc=fr" attr=ntPassword
        by dn="cn=root,dc=mtp,dc=epsi,dc=fr" write
        by self write
        by * auth

    access to dn=".*,dc=mtp,dc=epsi,dc=fr" attr=lmPassword
        by dn="cn=root,dc=mtp,dc=epsi,dc=fr" write
        by self write
        by * auth

If I remember well (long time I've not reconfigured openldap), the write perm
also allows read?

Since I didn't configure any user in the ldap section of radiusd, isn't it
supposed to log in to the ldap server with the username/passwd received by
radiusd, and grab the user password, which should be possible since it has
write (read?) perm?

Thanks for your help

--
Arnauld Dravet

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
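
How slapd would evaluate the three access rules above for different bound identities, as an added example that is not part of the original message: it models first-match "by" evaluation and the ordering of access levels, in which each level includes the lower ones. The user DNs are constructed, and DN matching is simplified to case-insensitive string comparison instead of slapd's regex matching.

```python
# Added example: a small model of how slapd picks an access level.
# Levels in increasing order; holding one level implies every lower one.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

SUFFIX = ",dc=mtp,dc=epsi,dc=fr"
ROOT = "cn=root,dc=mtp,dc=epsi,dc=fr"
# The three rules in the message carry the same "by" clauses, in this order.
BY_CLAUSES = [("dn", "write"), ("self", "write"), ("*", "auth")]
PROTECTED = {"userpassword", "ntpassword", "lmpassword"}

# Constructed sample entries, not taken from the message.
ALICE = "uid=alice,ou=Users,dc=mtp,dc=epsi,dc=fr"
BOB = "uid=bob,ou=Users,dc=mtp,dc=epsi,dc=fr"


def granted_level(attr, bound_dn, entry_dn):
    """Level given by the first matching "by" clause (None = anonymous bind)."""
    if attr.lower() not in PROTECTED or not entry_dn.lower().endswith(SUFFIX):
        raise ValueError("no rule from the message covers this attribute/entry")
    bound = bound_dn.lower() if bound_dn else None
    for who, level in BY_CLAUSES:
        if who == "dn" and bound == ROOT:
            return level
        if who == "self" and bound is not None and bound == entry_dn.lower():
            return level
        if who == "*":
            return level
    return "none"  # slapd ends every rule with an implicit "by * none"


def allows(attr, bound_dn, entry_dn, wanted):
    """True if the granted level is at least the wanted one."""
    got = granted_level(attr, bound_dn, entry_dn)
    return LEVELS.index(got) >= LEVELS.index(wanted)


def read_matrix(attr="ntPassword", entry_dn=ALICE):
    """Who can read entry_dn's attribute under the posted rules."""
    who = {"root": ROOT, "self": ALICE, "other user": BOB, "anonymous": None}
    return {name: allows(attr, dn, entry_dn, "read") for name, dn in who.items()}


if __name__ == "__main__":
    for name, ok in read_matrix().items():
        print(f"{name:10s} read ntPassword: {ok}")
```

In this model only the root DN and the entry's own DN reach read on the hash attributes; every other identity, anonymous included, stops at auth.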