"Chris Liles" <Chris.Liles@air2web.com> wrote:
But I have also read about some guy successfully using OpenLDAP with PEAP because he stored the LM and NT password hashes in the ldap schema along with the clear text password. With AD I suppose you could extend the schema to store these as well, but you'd have to manually update them when a password changes.
Yes. There are hooks in AD to do just that, but the software implementing the hooks has to be installed on every domain controller.
In my attempts to use ldap with active directory for PEAP it wouldn't work, so I went samba. It works fine. Radiusd -X and the mailing list are your best friends. :)
AD doesn't supply passwords through LDAP. That's why the server ships with support for ntlm_auth. Alan DeKok.