-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robert E. Toense wrote: > I am attempting to setup EAP-PEAP authentication via FreeRadius and a > Windows-based LDAP backend. The users accounts are in AD. After making > it past a number of obstacles, I am communicating with the LDAP server, > but found that neither LM-Passwords nor NT-Passwords are loaded into the > LDAP. "Clear-text" is NOT an option, and is not available either, > anyway. This problem must have been encountered by others. Assuming > that it can be done, how do you get the password information out of AD > and into LDAP in an appropriate format? > > Yes, I could use ntlm_auth and probably get it working, but this is > supposed to be LDAP-based, not SAMBA. The LDAP could move to a > different environment. Use of standards is important to us.
PEAP uses MS-CHAPv2, which requires knowledge of some form of the clear-text password. LDAP does not give you clear-text password, therefore you must use ntlm_auth, it works well. - -- ============== +---------------------------------------------+ Martin Gadbois | "Please answer by yes or no. | Sr. SW Designer | Uncooperative user waste precious CPU time" | Colubris Networks Inc. | -- The Andromeda Strain, M. Crichton, 1969 | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGlkba9Y3/iTTCEDkRAoiFAKCIgcVFpTK+T5WrsQBUqR0OnPMv2wCgxYyX 0TeTG+F6jBU9mkq85HAPst4= =qKq7 -----END PGP SIGNATURE----- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html