PEAP with LDAP as authentication source

Óscar Remírez de Ganuza Satrústegui oscarrdg at unav.es
Tue Aug 30 11:01:17 CEST 2016


Good morning,

<http://www.unav.edu/web/it/>

On Mon, Aug 29, 2016 at 2:02 PM, Ana Gallardo Gómez <anaougu at gmail.com>
wrote:

> > I don't know if I can use PEAP with LDAP  as authentication source...
> >
> >   Yes, you can.  But you have to use LDAP as a *database*.  You cannot do
> > an LDAP bind.
> >
>
> Ok, I can't becouse my passwords are store in crypt...
>

In order to do MSCHAPv2 auth, you must store your passwords in LDAP as
Cleartext passwd or NTpassword. And get them to let freeradius create
mschapv2 hashes.
See [1].

Otherwise, you can use ntlm_auth/winbind to let freeradius authenticate
against a Windows Domain (samba/Active Directory).
See [2]

Regards,


[1] http://deployingradius.com/documents/protocols/compatibility.html
[2] http://deployingradius.com/documents/configuration/active_directory.html

*Oscar Remírez de Ganuza Satrústegui*
IT Services
Universidad de Navarra
Tel. +34 948425600 x803130
http://www.unav.edu/web/it/


More information about the Freeradius-Users mailing list