>>
>>
>> I would like to know if anyone has a workaround to support PEAP
>> (MS-CHAPv2) client access authenticating against an LDAP server with
>> a bind operation. Currently, retrieving the cleartext password from
>> LDAP is not an option.
>>
>
>No, this is not possible. The only way you can authenticate via LDAP bind
>is using TTLS with PAP as the inner tunnel authentication.
>
>If you do need to use PEAP you will have to add NT/LM hashes in your
>LDAP directory. To do that extend the schema with Samba objects and
>download the smbldap-tools package. Of course this will involve users
>having to reset their passwords since you can't convert from MD5 to NT/LM.
>
>Vladimir

Since modification to the LDAP is not an option and clear password is off
limits, my only alternative is to seek a Windows EAP client that supports
TTLS-PAP. The Open Source SecureW2 does just that. It supports TTLS-PAP
and it integrates nicely with the Microsoft 802.1x client.
http://www.securew2.com/uk/index.htm
Thanks
Cedric
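
The constraint discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of what the RADIUS server receives with TTLS-PAP versus PEAP-MSCHAPv2, and why only the first can be checked with an LDAP bind. SHA-256 and HMAC stand in for the real MD4 and DES steps, and the Directory class, DN and password are constructed for illustration.

```python
import hashlib, hmac, os

DN = "uid=cedric,ou=people,dc=example,dc=org"  # constructed sample entry

class Directory:
    """LDAP stand-in: keeps only a salted hash and exposes bind()."""
    def __init__(self):
        self._entries = {}
    def add_user(self, dn, password):
        salt = os.urandom(8)
        self._entries[dn] = (salt, hashlib.sha256(salt + password.encode()).digest())
    def bind(self, dn, password):
        # Simple bind: the directory itself hashes the presented cleartext.
        if dn not in self._entries:
            return False
        salt, stored = self._entries[dn]
        return hmac.compare_digest(stored, hashlib.sha256(salt + password.encode()).digest())

def nt_hash_standin(password):
    # Real MS-CHAPv2 keys on MD4(UTF-16LE(password)); SHA-256 stands in here.
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def chap_response(key, challenge):
    # Stand-in for the DES-based NT-Response computed by the client.
    return hmac.new(key, challenge, hashlib.sha256).digest()

def radius_ttls_pap(directory, dn, tunnelled_password):
    # TTLS-PAP: cleartext arrives inside the TLS tunnel and is replayed as a bind.
    return directory.bind(dn, tunnelled_password)

def radius_peap_mschapv2(stored_key, challenge, response):
    # PEAP-MSCHAPv2: only challenge and response arrive; checking them needs
    # the client's hash (the NT hash in a real deployment) on the server side.
    if stored_key is None:
        return False
    return hmac.compare_digest(chap_response(stored_key, challenge), response)

def demo():
    directory = Directory()
    directory.add_user(DN, "correct horse")  # constructed password
    challenge = os.urandom(16)
    response = chap_response(nt_hash_standin("correct horse"), challenge)
    return {
        "ttls_pap_good": radius_ttls_pap(directory, DN, "correct horse"),
        "ttls_pap_bad": radius_ttls_pap(directory, DN, "wrong guess"),
        "bind_with_response": directory.bind(DN, response.hex()),
        "peap_without_hash": radius_peap_mschapv2(None, challenge, response),
        "peap_with_hash": radius_peap_mschapv2(nt_hash_standin("correct horse"), challenge, response),
    }
```

Calling demo() shows the bind succeeding only when the tunnel carries the cleartext password; the challenge response cannot be used as a bind credential and verifies only when the server already holds the client's hash.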