Authentification link with PEAP + PAM + LDAP

thomas hahusseau thomas.hahusseau at
Wed Jun 7 14:07:08 CEST 2006


Finally my boss is not interested in an PEAP authentication due to
password and login stocked in clear in the OpenLDAP database, and he
doesn't want to use the ntlm_auth to ask a Active Directory Server.

So I wonder if that kind of authentication is possible.

PEAP(MsCHAP) request --> Freeradius server (extract the hashed
password ) --> Authentication request sent to PAM (login + Hashed
password ) via rlm_auth ---> OpenLDAP Server ( compare hashed password
received with the one stocked in database )

PAM is used as mediator to permit comparason with hashed stocked in OpenLDAP.

My boss only wants cipher/hashed password and login.

More information about the Freeradius-Users mailing list