aab+freeradius@drexel.edu wrote:
Ok, I skimmed through the mailing list notes last night (mostly via Google) and found a number of notes that said it was only possible to do EAP authentications against an LDAP server if the server has either cleartext passwords or NT hashes in it. Some of those notes were very old and the ldap_howto.txt doc is also rather old with no reference of 802.1x, so I'm hoping to get an updated answer.
The answer hasn't changed. It won't ever change.
My LDAP choices are the AD domain controllers and our iPlanet LDAP servers - the iPlanet servers have crypted passwords and no NT hash info, so I believe they're out of this(?) The AD LDAP might have a way for me to make use of PEAP or TTLS, but I'm running into a bit of trouble with the user binding at this time.
You can't use LDAP to authenticate PEAP to AD. Alan DeKok.