Re: Attribute "User-Password" is required for authentication



Phil Mayers wrote:
All the passwords stored in the LDAP database are MD5, is that going to work with PEAP?

No. It's cryptographically impossible, sorry.

Your only real option is TTLS+PAP, which will require installing supplicant software on Windows machines, e.g. SecureW2.


What we did here was set up a transparent capture of passwords when users logged into one of our popular services.

We then took the captured passwords and populated a second attribute in the LDAP directory with them (ntPassword).

Now all operations involving a change of users' passwords write the SSHA form of the password and the NT Hash form of the password, which is nice because it means we can hang Samba off our OpenLDAP server too :)

--
Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900



