Hi Alan, its also possible to use PEAP-GTC (prefered). If I see this table it should be possible to use also encrypted passwords with EAP-GTC. But in this case I never get a working configuration. 2009/8/7 Alan DeKok <aland@deployingradius.com>
Steffen Langhammer wrote:
The LDAP-Server doesn't contain a clear-text password. They are encrypted and this isn't allowed to change.
hhttp://deployingradius.com/documents/protocols/compatibility.html
The password field is "userPassword".
I was testing my LDAP-Configuration in Freeradius with NTRadPing. If I make an authentication Request I get a response: Access_accept. I am happy that freeradius can speak to LDAP :-))
Now my problem is: The wireless client is configured to LEAP, I enter the same user and password as in NTRadPing Utility. But I don't get access.
Your requirements are impossible to satisfy.
I don't understand what I have done wrong. Maybee the eap-module is not able to forward the bind to the LDAP-Server ?
No. Read the page given by the URL above. What you want to do is impossible.
If i use LEAP and set the password_attribute to an cleartext field in ldap it works.
Exactly.
I was setting as password_attribute the field to givenname and enter as passwort the givenname of user.
If I use the LEAP mode on the client the login to WLAN works fine (by using cleartext) But I have to use the encrypted password in LDAP because of security reasons.
What can I do ?
Read the last section of that web page.
Trying to do the impossible is an effort in futility. Change your requirements to something that is possible to do.
My suggestion: don't do LEAP. It's insecure. Use another EAP method such as TTLS.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html