Softerra ldap browser helped with AD structure Relevant radiusd.conf mschap { <snip> with_ntdomain_hack = yes ntlm_auth = "/usr/local/samba/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge= %{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" <snip> }
ldap { server = "x.x.x.x" port = 636 identity = "cn=ldapuser,dc=yourdomain,dc=com" password = yourpassword basedn = "dc=domain,dc=com" filter = "(&(samaccountname=%{Stripped-User-Name:-%{User-Name}}))" start_tls = no tls_cacertfile = /usr/local/ssl/certs/server.pem tls_cacertdir = /usr/local/ssl/certs/ <snip> } eap.conf { <snip on defaults> default_eap_type = peap tls { private_key_file = /usr/local/ssl/bin/pluto.key certificate_file = /usr/local/ssl/bin/pluto.crt CA_file = /usr/local/ssl/certs/sausecure.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random } ttls { default_eap_type = md5 copy_request_to_tunnel = no use_tunneled_reply = no } peap { default_eap_type = mschapv2 } mschapv2 { } } smb.conf - workgroup = YOURDOMAIN hosts allow = x.x.x.x. 127. idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind nested groups = no winbind separator = + winbind trusted domains only = no winbind use default domain = no winbind cache time = 10 security = domain password server = * -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AJ Grinnell Sent: Thursday, January 13, 2005 1:19 PM To: freeradius-users@lists.freeradius.org Subject: Re: LDAP, PEAP, Active Directory issue Does anyone have an example of radiusd.conf that will show the following. I know this can be done. Windows XP client --> 802.1x/PEAP --> Freeradius 1.0.1 --> Active Directory I have tried many different configs, yet I am still getting an error with the password. I just need an example, please. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html