PEAP + AD
Alan DeKok
aland at nitros9.org
Thu May 25 17:35:46 CEST 2006
"Chris Liles" <Chris.Liles at air2web.com> wrote:
> But I have also read about some guy successfully using OpenLDAP with
> PEAP because he stored the LM and NT password hashes in the ldap
> schema along with the clear text password. With AD I suppose you
> could extend the schema to store these as well, but you'd have to
> manually update them when a password changes.
Yes. There are hooks in AD to do just that, but the software
implementing the hooks has to be installed on every domain controller.
> In my attempts to use ldap with active directory for PEAP it
> wouldn't work, so I went samba. It works fine. Radiusd -X and the
> mailing list are your best friends. :)
AD doesn't supply passwords through LDAP. That's why the server
ships with support for ntlm_auth.
Alan DeKok.
More information about the Freeradius-Users
mailing list