6 Oct
2010
6 Oct
'10
2:19 p.m.
schilling wrote:
We are trying to use ldap as backend database for dot1x peap authentication thru freeradius. The following link has good explanation.
Note it's 5 years old...
But do we really need both ntpassword and lmpassword in the ldap directory?
No.
windows client send username and ntpassword to NAS NAS send the username/ntpassword to radius in a tunnel radius unwrap the tunnel, using the username to fetch the ntpassword from ldap, do a comparison of ldap returned ntpassword and unwrapped ntpassword, if they are the same, authentication accept.
No. It's a *lot* more complicated than that. All you need to do is to uncomment "ldap" in raddb/sites-available/inner-tunnel, and it should work. Alan DeKok.