On 16.01.2014 12:24, 亚坤 李 wrote:
As mschapv2 is not supported by ldap, so I use ttls as the default peap method.
Wrong, with ldap (except if you run Novell eDirectory), the only working solution is EAP-TTLS/PAP, where the password is sent in clear-text within the TLS tunnel and thus can be used to bind to the ldap server. Other solution would be to store the NT-Hash within your ldap directory, then mschapv2 would work.
All of the above are the problem what I encountered by now, can anyone help with this, this problem really drive crazy, Thanks.
The list already answered to your question and directed you to the following page : http://deployingradius.com/documents/protocols/compatibility.html If it's RED, it's impossible. So don't ask how it can work because it won't work. Ever. Olivier B. -- Olivier Beytrison Network & Security Engineer, HES-SO Fribourg Mail: olivier@heliosnet.org