win2003 Active Directory authentication
Phil Mayers
p.mayers at imperial.ac.uk
Mon May 8 21:05:00 CEST 2006
Frank Smith wrote:
> Thanks for all your replies. This is simply to do 802.1x
> authentication. Nothing to do with wireless. This is my first whack at
> radius altogether. Based on what you guys are saying, it sounds like
> Radius -> Pam -> Pam-LDAP -> Active Directory sounds like the way to
> go. Any objections?
If you are using the standard Windows XP supplicant, LDAP will not
support any of the mechanisms available. The mechs are the same as on
the wireless side and are:
1. EAP-MD5 - requires IAS and reversible passwords on the DC
2. MS-CHAP - requires samba/ntlm_auth
3. EAP-TLS - requires certificates, does not need nor can use LDAP
4. EAP-PEAP+MS-CHAP - as per 2
So LDAP will not help you. There is no EAP-PAP in XP, nor EAP-PEAP+GTC.
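
Added example, not part of the original post: a Python sketch of the EAP-MD5 case from the list above. It shows that the server can check the response only if it can recover the cleartext password, while a bind-style check needs a password the supplicant never sends. `ReversibleStore`, `BindOnlyDirectory`, the sample account and the PBKDF2 hash are constructed for illustration and are not Active Directory's or FreeRADIUS's actual formats or APIs.

```python
import hashlib
import hmac
import os

def eap_md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    # RFC 1994 CHAP / EAP-MD5: MD5(identifier || password || challenge)
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()

class ReversibleStore:
    """Hypothetical backend that can recover the cleartext password."""
    def __init__(self, users):
        self._users = dict(users)

    def verify_eap_md5(self, user, identifier, challenge, response):
        password = self._users.get(user)
        if password is None:
            return False
        expected = eap_md5_response(identifier, password, challenge)
        return hmac.compare_digest(expected, response)

class BindOnlyDirectory:
    """Simplified stand-in for an LDAP simple bind: tests a presented password."""
    def __init__(self, users):
        self._salt = os.urandom(16)
        self._hashes = {u: self._kdf(p) for u, p in users.items()}

    def _kdf(self, password):
        # Constructed one-way hash for the demo, not Active Directory's format.
        return hashlib.pbkdf2_hmac("sha256", password, self._salt, 10_000)

    def bind(self, user, presented):
        stored = self._hashes.get(user)
        return stored is not None and hmac.compare_digest(stored, self._kdf(presented))

def run_demo():
    users = {"frank": b"correct horse"}        # constructed sample account
    identifier, challenge = 7, os.urandom(16)  # chosen by the RADIUS server
    # The supplicant sends only the response, never the password itself.
    response = eap_md5_response(identifier, users["frank"], challenge)
    directory = BindOnlyDirectory(users)
    return {
        "reversible_store_verifies": ReversibleStore(users).verify_eap_md5(
            "frank", identifier, challenge, response),
        "bind_with_password": directory.bind("frank", users["frank"]),
        "bind_with_response": directory.bind("frank", response),
    }

if __name__ == "__main__":
    print(run_demo())
```

The bind succeeds only when the password itself is presented, which this supplicant-side exchange never provides; the response bytes are all the RADIUS server has to pass on.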