I have a radius 2.0.2 working with EAP-TTLS, users passwords are in a LDAP server. Itis working well. Please bear in mind that password and encrypted in LDAP server and I can't modifiy that (my boss don't want!). So I need a "secondary" password in clear-text only for radius, because of this I've added to LDAP an attribute that looks like userPassword called radiusPassword.
Just map radiusPassword to Cleartext-Password and peap will ignore the encrypted userPassword and use Cleartext-Password. So, no extra virtual servers needed. In your ldap.attrmap it's mapped to clrtxtPassword.
ldap.attrmap checkItem $GENERIC$ radiusCheckItem replyItem $GENERIC$ radiusReplyItem checkItem Cleartext-Password clrtxtPassword checkItem User-Password userPassword
I was under impression that this peap password would be the same for everybody. That's best done with a single DEFAULT users file entry. Ivcan Kalik Kalik Informatika ISP