Hello,
I was trying to use PAM authentication with freeradius for Win XP client (PEAP). I was getting error in the tls section. I posted to freeradius userlist. I got the reply as below. Is this right?. If not, Can I use LDAP+PEAP+freeradius.
Yes, the info was right. But _still_, your chances are very good that you can use LDAP: your LDAP server needs to store the user passwords in clear text and allow your LDAP admin user to retrieve them. This is a common scheme in most LDAP instances, the notable exception being ActiveDirectory. But even with ActiveDirectory you could do PEAP, it would just be a little m,ore complicated than I outlined below (ntlm_auth, as the text you quoted suggested). Greetings, Stefan Winter
================================== You cannot use PAM to answer PEAP/MS-CHAP requests. You must either have the plaintext password for the user, the NT or LM hashes for their password, or access to an NT domain controller and use the "ntlm_auth" helper in the mschap module.
===========================================================================
Greetings -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: stefan.winter@restena.lu Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473