RE: PEAP w/MS-CHAPv2:: Wireless Authentication against Windows AD as user profile storage

A better solution would be to port the PPPd winbind code to rlm_winbind, but it's not trivial. Would this also work for the 802.1X Computer authentication? Tom. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: PEAP w/MS-CHAPv2:: Wireless Authentication against Windows AD as user profile storage

On Wed, 2004-04-07 at 02:33, Tom Rixom wrote: Would this also work for the 802.1X Computer authentication? I'm 99% sure it would. The computer accounts use the same authentication mechanism as the user accounts do. -- --Mike --- Michael Griego Wireless LAN

RE: PEAP w/MS-CHAPv2:: Wireless Authentication against Windows AD as user profile storage

On Wed, 2004-04-07 at 11:57, Steve OBrien wrote: Does anyone know if you can use Kerberos for user authentication for PEAP? Not unless there's an EAP-Kerberos (EAP-KRB?) to be used for the inside-tunnel authentication. I, however, never heard of any work being done on an EAP-Kerberos method.

Re: PEAP w/MS-CHAPv2:: Wireless Authentication against Windows AD as user profile storage

Jack J [EMAIL PROTECTED] wrote: Question: Can FreeRADIUS use ntlm_auth from Samba to make this happen ? I mean: PEAP w/MSCHAPv2 and using AD as User profile storage ? I have no idea. I think that we'll need a rlm_winbind module to do this. There's winbind code out there which can be

Re: PEAP w/MS-CHAPv2:: Wireless Authentication against Windows AD as user profile storage

Hi Alan, rlm_winbind: I see Samba 3.0.2 has winbind code available. Andrew Barlett of Samba (author of winbind) has made it available. Is anyone working or planning to work on rlm_winbind module for FreeRADIUS ? (That is : make a similar port which Andrew did for pppd to FreeRADIUS) ?? Thank

RE: PEAP w/MS-CHAPv2:: Wireless Authentication against Windows AD as user profile storage

this. I wish I could help you further. Good luck. T. -Original Message- From: Jack J [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 06, 2004 7:52 PM To: [EMAIL PROTECTED] Cc: Tom Rixom Subject: RE: PEAP w/MS-CHAPv2:: Wireless Authentication against Windows AD as user profile

RE: PEAP w/MS-CHAPv2:: Wireless Authentication against Windows AD as user profile storage

If one has Supplicant (client) configured for EAP-PEAP w/ MS-CHAPv2 and on FreeRADIUS (or any other RADIUS server) configured to terminate PEAP w/MS_CHAPv2, but user profiles are stored on Active Directory. Does FreeRADIUS support this ? If userprofile is on LDAP I think it would work since

RE: PEAP w/MS-CHAPv2:: Wireless Authentication against Windows AD as user profile storage

If userprofile is on LDAP I think it would work since LDAP bind/search would return userPassword attribute, where as AD does not. Thus CHAP cannnot be done in AD case. Is this true ? Does anyone know how the LDAP lookup works against AD? Does it actually get the password (doubtful) or does it

Re: PEAP w/MS-CHAPv2:: Wireless Authentication against Windows AD as user profile storage

Jack J [EMAIL PROTECTED] wrote: If one has Supplicant (client) configured for EAP-PEAP w/ MS-CHAPv2 and on FreeRADIUS (or any other RADIUS server) configured to terminate PEAP w/MS_CHAPv2, but user profiles are stored on Active Directory. Does FreeRADIUS support this ? Yes, but AD

Re: PEAP w/MS-CHAPv2:: Wireless Authentication against Windows AD as user profile storage

Question: Can FreeRADIUS use ntlm_auth from Samba to make this happen ? or Kerberos? TIA, Steve