At the moment I use Cisco ACS to authenticate against eDirectory LDAP servers. I would like to use PEAP(EAP-MCHAP) if possible due the the widespread availability of the 802.1x suplicant in Windows. Unfortunately ACS does not support PEAP->LDAP authentication. Before I start down working with another AAA product I would like a better understanding if I can do it and how I can get it working. I found a reference to CHAP and LDAP in the FreeRADIUS FAQ (#5.11). I get the impression that the if LDAP module is configured to get a clear text password, then the CHAP module can use it to do the hashing and handshaking. Is this the same for MSCHAP? Another alternative I am exploring is to find an MSCHAP front-end for the LDAP server. Any thoughts? Peter Hicks
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html