FR1.0.5: EAP + LDAP + crypted passwds ??
Alan DeKok
aland at ox.org
Mon Nov 14 19:09:48 CET 2005
aab+freeradius at drexel.edu wrote:
> Ok, I skimmed through the mailing list notes last night (mostly via
> Google) and found a number of notes that said it was only possible
> to do EAP authentications against an LDAP server if the server has
> either cleartext passwords or NT hashes in it. Some of those notes
> were very old and the ldap_howto.txt doc is also rather old with no
> reference of 802.1x, so I'm hoping to get an updated answer.
The answer hasn't changed. It won't ever change.
> My LDAP choices are the AD domain controllers and our iPlanet LDAP
> servers - the iPlanet servers have crypted passwords and no NT hash
> info, so I believe they're out of this(?) The AD LDAP might have a
> way for me to make use of PEAP or TTLS, but I'm running into a bit
> of trouble with the user binding at this time.
You can't use LDAP to authenticate PEAP to AD.
Alan DeKok.
More information about the Freeradius-Users
mailing list