CJ O wrote:
Good Afternoon -
I've read through a lot of threads and documents and have piced information together, however I am still having issues. We are running an OpenLDAP with the passwords encrypted. I know that PEAP requires the clear text password to be stored in the LDAP Server,
No. See: http://deployingradius.com/documents/protocols/compatibility.html
however, I've read also that as long as FreeRadius can get the NTLM Password from LDAP PEAP should work.
We have also created a custom attribute call ntPasswd that hold the NTLM Hash of the users password. I have configured FreeRadius to authenicate to the LDAP server and set the password_attribute = ntPasswd. In the ldap.attrmap I've added to entries checkItem LM-Password ntPasswd and checkItem NT-Password ntPasswd.
In eap.conf i've set default_eap_type = peap In site-enable/default under authorize I've uncommented ldap.
You need to uncomment it in raddb/sites-enabled/inner-tunnel. See the debug output. It's running the inner-tunnel method, but LDAP isn't used there. Alan DeKok.