Passwords for PEAP from AD-based LDAP

Robert E. Toense rtoense at nist.gov
Thu Jul 12 17:03:17 CEST 2007


This may be on the fringes of the scope of this group, but any pointers 
would be appreciated.

I am attempting to setup EAP-PEAP authentication via FreeRadius and a 
Windows-based LDAP backend.  The users accounts are in AD.  After making 
it past a number of obstacles, I am communicating with the LDAP server, 
but found that neither LM-Passwords nor NT-Passwords are loaded into the 
LDAP.  "Clear-text" is NOT an option, and is not available either, 
anyway.  This problem must have been encountered by others.  Assuming 
that it can be done, how do you get the password information out of AD 
and into LDAP in an appropriate format?

Yes, I could use ntlm_auth and probably get it working, but this is 
supposed to be LDAP-based, not SAMBA.  The LDAP could move to a 
different environment.  Use of standards is important to us.

Thanks,

Robert Toense



More information about the Freeradius-Users mailing list