<div>Hi Alan,</div>
<div> </div>
<div>It's also possible to use PEAP-GTC (preferred).</div>
<div>If I see this table, it should also be possible to use encrypted passwords with EAP-GTC.</div>
<div> </div>
<div>But in this case I never get a working configuration.<br><br></div>
<div class="gmail_quote">2009/8/7 Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>></span><br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div class="im">Steffen Langhammer wrote:<br>> The LDAP-Server doesn't contain a clear-text password. They are<br>> encrypted and this isn't allowed to change.<br><br></div> http://<a href="http://deployingradius.com/documents/protocols/compatibility.html" target="_blank">deployingradius.com/documents/protocols/compatibility.html</a><br>
<div class="im"><br>> The password field is "userPassword".<br>><br>> I was testing my LDAP-Configuration in Freeradius with NTRadPing.<br>> If I make an authentication Request I get a response: Access_accept.<br>
> I am happy that freeradius can speak to LDAP :-))<br>><br>> Now my problem is:<br>> The wireless client is configured to LEAP, I enter the same user and<br>> password as in NTRadPing Utility. But I don't get access.<br>
<br></div> Your requirements are impossible to satisfy.<br>
<div class="im"><br>> I don't understand what I have done wrong.<br>> Maybe the eap-module is not able to forward the bind to the LDAP-Server?<br><br></div> No. Read the page given by the URL above. What you want to do is<br>
impossible.<br>
<div class="im"><br>> If I use LEAP and set the password_attribute to a cleartext field in<br>> ldap it works.<br><br></div> Exactly.<br>
<div class="im"><br>> I was setting as password_attribute the field to givenname and enter as<br>> password the givenname of user.<br>><br>> If I use the LEAP mode on the client the login to WLAN works fine (by<br>
> using cleartext)<br>> But I have to use the encrypted password in LDAP because of security<br>> reasons.<br>><br>> What can I do ?<br><br></div> Read the last section of that web page.<br><br> Trying to do the impossible is an effort in futility. Change your<br>
requirements to something that is possible to do.<br><br> My suggestion: don't do LEAP. It's insecure. Use another EAP method<br>such as TTLS.<br><font color="#888888"><br> Alan DeKok.<br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</font></blockquote></div><br>
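<div>Added example, not part of the original thread and not FreeRADIUS code: why a hashed userPassword can be checked when the server receives the password itself (PAP, or GTC inside a tunnel) but not when the client sends only a challenge-response. Assumptions: the "encrypted" value is modelled as an LDAP {SSHA} hash, RFC 1994 CHAP stands in for the challenge-response exchange used by LEAP, and all function names and sample values are constructed for illustration.</div>

```python
import base64
import hashlib
import hmac
import os

PASSWORD = b"example-passphrase"          # constructed sample value
SALT = bytes.fromhex("0011223344556677")  # constructed sample salt


def make_ssha(password: bytes, salt: bytes) -> str:
    """LDAP-style salted SHA-1 value: {SSHA} + base64(SHA1(pw + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify_plaintext(stored: str, offered: bytes) -> bool:
    """PAP/GTC style: the server is handed the password, re-hashes it, compares."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(offered + salt).digest(), digest)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier + secret + challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def verify_chap(secret: bytes, ident: int, challenge: bytes, response: bytes) -> bool:
    """Challenge-response style: the server must recompute the response from
    the same secret the client used; a one-way hash of it is not enough."""
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)


def demo() -> dict:
    stored = make_ssha(PASSWORD, SALT)                # what the directory holds
    challenge = os.urandom(16)
    response = chap_response(1, PASSWORD, challenge)  # client knows the password
    digest = base64.b64decode(stored[len("{SSHA}"):])[:20]
    return {
        "plaintext_vs_hash": verify_plaintext(stored, PASSWORD),
        "wrong_password_vs_hash": verify_plaintext(stored, b"wrong"),
        "chap_with_cleartext": verify_chap(PASSWORD, 1, challenge, response),
        "chap_with_hash_string": verify_chap(stored.encode(), 1, challenge, response),
        "chap_with_raw_digest": verify_chap(digest, 1, challenge, response),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```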