Peap+TTLs and Ldap

Francisco Castanheiro fdsc at di.fct.unl.pt
Thu Sep 21 23:21:11 CEST 2006


Hello,
I'm using freeradius to do the auth on a wireless network. My users
are in an LDAP directory that has both NT-Password and UserPassword;
I use ldap to auth linux users and samba+ldap to auth windows users.

I have PEAP and ttls set up in my config and some test users with
clear passwords in the users file, plus the ldap users. I have no
problems with ttls auth, both with ldap and "local" test users, but I
can't say the same about peap. When I try to use peap to auth a
"local" user it goes fine, but when the user is an ldap one it just
fails. I have the map between ldap and radius attributes set up.
I think that my ldap NT hashes are correct because I can use them to
auth my windows users with samba, but the only thing that I can see
that differs between the two scenarios that I described is that ttls
uses the "userpassword" attr and PEAP uses the NT-Password attr. And
I know that peap works when the password is clear, because it works
with the "local" test users.

Could some bad config cause this behavior? Or could it be some problem
with my version of freeradius and my NT hashes?

I'm out of ideas. If my config or logs help I can post them.

Thanks for any help.

Regards

---
Francisco Castanheiro
Departamento de Informática
Faculdade de Ciências e Tecnologia - UNL
E-mail: fdsc at di.fct.unl.pt


