my problem was that in LDAP i have the passwords save as SSHA, so i cant do 802.1x with EAP/PEAP/mschap
as i dont wanna change my LDAP configuration to store the passwords in clear-text, or to use samba.scheme and to use NT hash. The only option remaining from my view point was to try and distinguish between normal authentication and 802.1x authentication
thats why i came up with this realm stuff, to be able to authenticate 802.1x users in the users file (where i have user/passwords in clear-text) and normal users in LDAP (SSHA)
Ugh, how does that make sense? Why don't you want nt or clear passwords in ldap? Security? But it's so much easier to read a plain text (users) file than break into ldap.
thats why i was asking if, its possible, and if it functional, or maybe there is another solution then the one provided by Alan (to not use 802.1x) :D
There is only one solution if you want to use 802.1x: store passwords that peap can use. Ivan Kalik Kalik Informatika ISP