Alan - Thank you. Making the change to the inner-tunnel worked. Regards CJ
Date: Thu, 13 Nov 2008 08:44:07 +0100 From: aland@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: FreeRadius 2.1.1 - OpenLDAP + NT hash + PEAP
CJ O wrote:
Good Afternoon -
I've read through a lot of threads and documents and have piced information together, however I am still having issues. We are running an OpenLDAP with the passwords encrypted. I know that PEAP requires the clear text password to be stored in the LDAP Server,
No. See:
http://deployingradius.com/documents/protocols/compatibility.html
however, I've read also that as long as FreeRadius can get the NTLM Password from LDAP PEAP should work.
We have also created a custom attribute call ntPasswd that hold the NTLM Hash of the users password. I have configured FreeRadius to authenicate to the LDAP server and set the password_attribute = ntPasswd. In the ldap.attrmap I've added to entries checkItem LM-Password ntPasswd and checkItem NT-Password ntPasswd.
In eap.conf i've set default_eap_type = peap In site-enable/default under authorize I've uncommented ldap.
You need to uncomment it in raddb/sites-enabled/inner-tunnel. See the debug output. It's running the inner-tunnel method, but LDAP isn't used there.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html