-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Robert E. Toense wrote:
I am attempting to setup EAP-PEAP authentication via FreeRadius and a Windows-based LDAP backend. The users accounts are in AD. After making it past a number of obstacles, I am communicating with the LDAP server, but found that neither LM-Passwords nor NT-Passwords are loaded into the LDAP. "Clear-text" is NOT an option, and is not available either, anyway. This problem must have been encountered by others. Assuming that it can be done, how do you get the password information out of AD and into LDAP in an appropriate format?
Yes, I could use ntlm_auth and probably get it working, but this is supposed to be LDAP-based, not SAMBA. The LDAP could move to a different environment. Use of standards is important to us.
PEAP uses MS-CHAPv2, which requires knowledge of some form of the clear-text password. LDAP does not give you clear-text password, therefore you must use ntlm_auth, it works well. - -- ============== +---------------------------------------------+ Martin Gadbois | "Please answer by yes or no. | Sr. SW Designer | Uncooperative user waste precious CPU time" | Colubris Networks Inc. | -- The Andromeda Strain, M. Crichton, 1969 | -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGlkba9Y3/iTTCEDkRAoiFAKCIgcVFpTK+T5WrsQBUqR0OnPMv2wCgxYyX 0TeTG+F6jBU9mkq85HAPst4= =qKq7 -----END PGP SIGNATURE-----