Alan DeKok wrote:
James McOrmond wrote:
This is a Samba NT domain, not AD. I do not have access to the plain text password through Samba or LDAP.
Samba is a lot friendlier about passwords than AD is.
Of course it is.. <G> I probably should have mentioned samba in the original message.
The "Protocol and Password Compatibility" chart and the "Authenticaiton Systems and Password Compatibility" chart from the "Deploying RADIUS: The Book" page specifically says PAP/ntlm_auth is functional. Regular CHAP is not because it requires the clear-text password.
The issue is convincing the database to give FreeRADIUS *something* to use for authetnication. The web page lists ntlm_auth only because of AD limitations.
With Samba, you just map the LDAP "ntpasswd" or "sambantpasswd" attribute to the RADIUS attribute. See ldap.attrmap.
OK. definitely progress. It's authenticating with EAP-TTLS now as well.. But.. Using secureW2 in the windows client - if I put anything in the DOMAIN field, it doesn't work well - likely because my userid is still jamesm@MOODIE when it attempts to connect to ldap. possibly I have the ntdomain hack stuff wrong? or maybe some realm settings missing? suffix is enabled.. -- James A. McOrmond (jamesm@xandros.com) Network Administrator Xandros Corporation, Ottawa, Canada. Morpheus: ...after a century of war I remember that which matters most: *We are still HERE!*