>> I would like to know if anyone has a work around to support PEAP (ms
>> chap v2) client access authenticate against a LDAP server with bind
>> operation. Currently, retrieving clear text password from LDAP is
>> not an option.
>
> No this is not possible. Only way you can authenticate via LDAP bind is
> using TTLS with PAP as inner tunnel authentication.
>
> If you do need to use PEAP you will have to add NT/LM hashes in your
> LDAP directory. To do that extend the schema with Samba objects and
> download the smbldap-tools package. Of course this will involve users
> having to reset their passwords since you can't convert from MD5 to NT/LM.
>
> Vladimir

Since modification to the LDAP is not an option and clear password is off
limits, my only alternative is to seek a Windows EAP client that supports
TTLS-PAP. The Open Source SecureW2 does just that. It supports TTLS-PAP and
it integrates nicely with the Microsoft 802.1x client.

http://www.securew2.com/uk/index.htm

Thanks
Cedric