I am trying to authenticate my network against Windows 2003 Active Directory. With help from Ivan Kalik, I was able to use NTLM to communicate with Windows 2003 server and authenticate EAP clients. On the EAP side I am using PEAP since they are mostly windows XP clients and I don't think there is another choice (please correct me if I am wrong). However on the Radius server side, I seem to have options. It seems that I can use NTLM, Kerberos 5 or LDAP to authenticate with Windows Domain Controller. So my questions are:
Can I use any of them?
No. Kerberos requires clear password in radius request, so it can't be used with peap. AD is sort of a (deliberately) broken ldap server. It won't pass the clear text password to non-Windows radius server - only to IAS. So you can't use AD as ldap for peap either. ntlm_auth it is. Ivan Kalik