[EMAIL PROTECTED] wrote: > Ok, I skimmed through the mailing list notes last night (mostly via > Google) and found a number of notes that said it was only possible > to do EAP authentications against an LDAP server if the server has > either cleartext passwords or NT hashes in it. Some of those notes > were very old and the ldap_howto.txt doc is also rather old with no > reference of 802.1x, so I'm hoping to get an updated answer.
The answer hasn't changed. It won't ever change. > My LDAP choices are the AD domain controllers and our iPlanet LDAP > servers - the iPlanet servers have crypted passwords and no NT hash > info, so I believe they're out of this(?) The AD LDAP might have a > way for me to make use of PEAP or TTLS, but I'm running into a bit > of trouble with the user binding at this time. You can't use LDAP to authenticate PEAP to AD. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html