FR1.0.5: EAP + LDAP + crypted passwds ??

Alan DeKok aland at ox.org
Mon Nov 14 19:09:48 CET 2005


aab+freeradius at drexel.edu wrote:
> Ok, I skimmed through the mailing list notes last night (mostly via 
> Google) and found a number of notes that said it was only possible 
> to do EAP authentications against an LDAP server if the server has
> either cleartext passwords or NT hashes in it.  Some of those notes
> were very old and the ldap_howto.txt doc is also rather old with no
> reference of 802.1x, so I'm hoping to get an updated answer.

  The answer hasn't changed.  It won't ever change.

> My LDAP choices are the AD domain controllers and our iPlanet LDAP
> servers - the iPlanet servers have crypted passwords and no NT hash
> info, so I believe they're out of this(?)  The AD LDAP might have a 
> way for me to make use of PEAP or TTLS, but I'm running into a bit
> of trouble with the user binding at this time.

  You can't use LDAP to authenticate PEAP to AD.

  Alan DeKok.



More information about the Freeradius-Users mailing list