Maurice James <midnightsteel@msn.com> wrote:
How do I do it?
You need a password in the clear in your LDAP directory, not hashed. I use a different (self defined) attribute in my LDAP directory to do this and use ldap.attrmap to map this attribute (called gifb-NetzPassword in my schema) to the required RADIUS-Attribute-Name: checkItem Cleartext-Password gifb-NetzPassword And no, there is _no_ way to use _any_ CHAP method using an encrypted or hashed password.
Radius to ldap works no problem
Yes, because this most definitely uses PAP as authentication method, which works with hashed/encrypted passwords.
Wireless to radius to ldap does not
This is because the windows wireless supplicant can only use MSCHAPv2 (or ans SSL cert) to authenticate. This is a FAQ item, I suggest you to read the documentation on the website again. http://wiki.freeradius.org/index.php/FAQ#PAP_authentication_works_but_CHAP_f... Grüße, Sven. -- Sig lost. Core dumped.