On Tue, Aug 17, 2010 at 2:44 AM, Alan DeKok <al...@deployingradius.com> wrote:
>
> Paul Dugas wrote:
> > On Mon, Aug 16, 2010 at 5:02 PM, Alan DeKok <al...@deployingradius.com>
> > wrote:
> >> Use PEAP. Ensure passwords are in a form compatible with PEAP:
> >
> > My LDAP directory contains NT, LM, and SSHA passwords but not
> > clear-text so, if I'm following correctly, I need to look into using
> > ntlm_auth.
>
> No. I have no idea why you concluded that.
>
> FreeRADIUS needs a password for authentication. That's it.

The settings in NetworkManager on my Fedora Linux laptop, when I choose WPA&WPA2-Enterprise and PEAP, allow MSCHAPv2 (default), MD5, and GTC for the inner authentication. I see on the protocol compatibility table you referenced that only clear-text and ntlm_auth are available under PEAP and EAP-MSCHAPv2. I do not have clear-text passwords in my LDAP directory so I concluded I needed to look into ntlm_auth. Where did I go wrong?

> If you have the LDAP module listed in the "inner-tunnel", then you're
> well on your way to getting it all to work.

I found a posting that pointed me toward sites-available/default to enable ldap under authorize and the Auth-Type LDAP block under authenticate. Found another that suggested the same in sites-enabled/inner-tunnel. I've adjusted modules/ldap to connect with the correct privileges; I've not adjusted ldap.attrmap. It didn't work after that, though I'm not at the site today to get detailed logs to post. I will be tomorrow though.

Paul

--
Paul Dugas • Dugas Enterprises, LLC • Computer Engineer
522 Black Canyon Park, Canton GA 30114 USA • p...@dugasenterprises.com • +1.404.932.1355