> You can't use PEAP unless you have plaintext passwords stored in the
> LDAP or NT/LM password hashes. To use LDAP bind to authenticate you will
> need to use TTLS with PAP as inner tunnel authentication. This is how
> you can configure your clients to use TTLS+PAP

The passwords are revealed in plaintext. Would prefer to use PEAP w/MSCHAPv2 as any XP client on our network will already have that. Is there anything special to configure in the eap.conf? I used certs.sh to create the demoCA which I'm using for testing.

Thanks.

eap.conf

    eap {
        default_eap_type = peap
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no

        tls {
            private_key_password = whatever
            private_key_file = ${raddbdir}/certs/cert-srv.pem
            certificate_file = ${raddbdir}/certs/cert-srv.pem
            CA_file = ${raddbdir}/certs/demoCA/cacert.pem
            dh_file = ${raddbdir}/certs/dh
            random_file = ${raddbdir}/certs/random
        }

        peap {
            default_eap_type = mschapv2
        }

        mschapv2 {
        }
    }
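Added example, not part of the original thread or of FreeRADIUS: the quoted constraint (PEAP/MSCHAPv2 needs a cleartext password or the NT hash in the directory) shown as code. The NT hash is the unsalted MD4 of the UTF-16LE password, so it can be derived from cleartext but not from a salted hash or from an LDAP bind result. The helper names `md4`, `nt_hash` and `nt_key_from_store` and the sample password are constructed for illustration.

```python
import struct

M = 0xFFFFFFFF
R3_ORDER = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & M

def md4(data):
    """Pure-Python MD4 (RFC 1320); hashlib's md4 is often disabled."""
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(48):
            rnd, j = divmod(i, 16)
            if rnd == 0:    # round 1: F, words in order
                f, k, add = (b & c) | (~b & d), j, 0
                s = (3, 7, 11, 19)[j % 4]
            elif rnd == 1:  # round 2: G, words column-wise
                f, k, add = (b & c) | (b & d) | (c & d), (j % 4) * 4 + j // 4, 0x5A827999
                s = (3, 5, 9, 13)[j % 4]
            else:           # round 3: H, bit-reversed word order
                f, k, add = b ^ c ^ d, R3_ORDER[j], 0x6ED9EBA1
                s = (3, 9, 11, 15)[j % 4]
            a, b, c, d = d, _rol((a + f + x[k] + add) & M, s), b, c
        state = [(v + w) & M for v, w in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)

def nt_hash(password):
    """NT hash: MD4 over the UTF-16LE password, no salt."""
    return md4(password.encode("utf-16-le"))

def nt_key_from_store(kind, value=None):
    """Return the NT hash a server can obtain for MSCHAPv2, or None.

    kind is a label made up for this example: 'cleartext', 'nt',
    'ssha' (any salted/crypt hash) or 'bind' (LDAP bind only).
    """
    if kind == "cleartext":
        return nt_hash(value)
    if kind == "nt":
        return bytes.fromhex(value)
    return None  # salted hash or bind result: MSCHAPv2 cannot be verified

if __name__ == "__main__":
    for kind, value in (("cleartext", "password"), ("ssha", "{SSHA}..."), ("bind", None)):
        key = nt_key_from_store(kind, value)
        print(kind, key.hex() if key else "no NT hash -> use TTLS+PAP")
```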