Robert E. Toense wrote:
This may be on the fringes of the scope of this group, but any pointers would be appreciated.
I am attempting to setup EAP-PEAP authentication via FreeRadius and a Windows-based LDAP backend. The users accounts are in AD. After making it past a number of obstacles, I am communicating with the LDAP server, but found that neither LM-Passwords nor NT-Passwords are loaded into the LDAP. "Clear-text" is NOT an option, and is not available either,
Oh, they're in AD, but they're not available through LDAP. See: http://deployingradius.com/documents/configuration/active_directory.html
Yes, I could use ntlm_auth and probably get it working, but this is supposed to be LDAP-based, not SAMBA. The LDAP could move to a different environment. Use of standards is important to us.
1) Ask Microsoft to expose the password through LDAP. 2) Use Samba. 3) Use a real LDAP server. Those are your choices. Alan DeKok.