PEAP LDAP password problem

Alexey Eronko alexey.eronko at gmail.com
Tue Feb 26 11:58:43 CET 2008


Alexey Eronko wrote:
> Thanks for your reply.
>
> According to this link:
> http://deployingradius.com/documents/protocols/compatibility.html.
>
> I need EAP-GTC.

  Huh?  How did you conclude that?

[AE:]   Because GTC supports Crypt passwords.

I have a huge problem: I need to ask 200 users to re-enter their passwords
in OpenLDAP.
Another problem is that I'm not sure that I can store two kinds of password
simultaneously (nt and crypt).
Maybe someone knows how to convert ldap passwords to nt hash? :) Or do I need to
re-enter all passwords?


  All you need to do is to put the NT hash into LDAP, as you said.  You
do NOT need to use EAP-GTC.

> I'm not sure that my Proxim AP700 support this kind of EAP.

  Access points don't care about EAP methods.

> Is this suitable method for WIFI network?
> I still want to use user/password authentication for windows users through
> openLDAP (crypt) password.

  You don't.  You put the NT hash into the OpenLDAP database.

[AE:]  Find my comments above.

> How can I make sure that my Access Point can use EAP-GTC?

  Access points don't do EAP.  Supplicants use EAP.

> Or is the only way to move to Windows Radius (IAS)?

  I have no idea why you think that will help.  The web page I pointed
you to says *nothing* about operating systems or RADIUS server
implementations.

  If you have crypt'd passwords then you CANNOT do normal PEAP.  Moving
to Windows will make no difference.

[AE:]  The point is that my 200 users already have windows (active directory)
accounts and they know their passwords. So I don't need to re-enter these passwords
in openLDAP. But I like linux/opensource and I want to be 100% sure that this is one
way (move to windows radius) to reach my goal.

Thanks 

  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html



