If you want to use ldap as authentication source, either you have plaintext password in ldap or ntPassword hash stored in ldap. You can search the list of my name, I just got both eap/peap against Active Directory w/ ntlm_auth and against ldap w/ ntPassword recently. I posted my configuration on the list. I am using peap because of we don't want to install a third party supplicant.
Schilling On Fri, Feb 11, 2011 at 3:44 PM, Gary Gatten <ggat...@waddell.com> wrote: > PS: We also use ntlm_auth for 802.1x. All the docs I read and the comments > within the various FR files say EAP and LDAP won't work - for Authentication. > Authorization should be fine. > > G > > > -----Original Message----- > From: freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org > [mailto:freeradius-users-bounces+ggatten=waddell....@lists.freeradius.org] On > Behalf Of Max Schröder > Sent: Friday, February 11, 2011 2:31 PM > To: FreeRadius users mailing list > Subject: Re: Freeradius + LDAP for WPA-Enterprise > > Gary Gatten wrote: >> You forced ALL Authentication requests to use LDAP. EAP / LDAP don't play >> well together. Remove the "Auth Type LDAP" - for now. >> > If I remove that the radtest failed for a LDAP-User. It returns a > rejected Message. >> As for accomplishing your goal, unfortunately others will have to help you >> with that - I don't know FR/LDAP/EAP well enough. But, I don't THINK you >> can authenticate EAP requests against LDAP directly because of the "no clear >> text password" issue. >> > How else would you authenticate a WPA(2)-Enterprise with Radius using > LDAP-Accounts? > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > > > <font size="1"> > <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in > 0in 1.0pt 0in'> > </div> > "This email is intended to be reviewed by only the intended recipient > and may contain information that is privileged and/or confidential. > If you are not the intended recipient, you are hereby notified that > any review, use, dissemination, disclosure or copying of this email > and its attachments, if any, is strictly prohibited. If you have > received this email in error, please immediately notify the sender by > return email and delete this email from your system." > </font> > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
