EAP-TTLS and PEAP auth problem ... sorry!!

Alan DeKok aland at ox.org
Sat Jul 9 07:11:38 CEST 2005

Gandalf the Gray <gtheg1 at yahoo.com> wrote:
> I would like to submit user and password to my LDAP
> server, and this one have to check the right
> relationship!

  LDAP is a database, not an authentication server.

  FreeRADIUS is an authentication server.

> Now: is it possible to tell MSCHAP to use LDAP or
> passwd file to authenticate the user?
> And, before this, is it possible to obtain the PW from
> the EAP challenge in order to submit it further?

  No.  It's impossible, and designed to be impossible.

  Make the LDAP server return a clear-text, or NT-Password to
FreeRADIUS, and it will Just Work.

  Any other combination is impossible.

  Alan DeKok.

More information about the Freeradius-Users mailing list