windowsXP+LDAP+freeradius

Stefan Winter stefan.winter at restena.lu
Thu Sep 7 13:17:56 CEST 2006


Hello,

> I was trying to use PAM authentication with freeradius for a Win XP
> client (PEAP). I was getting an error in the TLS section. I posted to the
> freeradius user list. I got the reply below. Is this right? If not, can
> I use LDAP+PEAP+freeradius?

Yes, the info was right. But _still_, your chances are very good that you can 
use LDAP: your LDAP server needs to store the user passwords in clear text 
and allow your LDAP admin user to retrieve them. This is a common scheme in 
most LDAP instances, the notable exception being ActiveDirectory. But even 
with ActiveDirectory you could do PEAP, it would just be a little more 
complicated than I outlined below (ntlm_auth, as the text you quoted 
suggested).

Greetings,

Stefan Winter

> ===========================================================================
> You cannot use PAM to answer PEAP/MS-CHAP requests. You must either have
> the plaintext password for the user, the NT or LM hashes for their
> password, or access to an NT domain controller and use the "ntlm_auth"
> helper in the mschap module.
> ===========================================================================

Greetings

-- 
Stefan WINTER

Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at restena.lu     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473