Passwords for PEAP from AD-based LDAP
Alan DeKok
aland at deployingradius.com
Thu Jul 12 17:43:47 CEST 2007
Robert E. Toense wrote:
> This may be on the fringes of the scope of this group, but any pointers
> would be appreciated.
>
> I am attempting to setup EAP-PEAP authentication via FreeRadius and a
> Windows-based LDAP backend. The users accounts are in AD. After making
> it past a number of obstacles, I am communicating with the LDAP server,
> but found that neither LM-Passwords nor NT-Passwords are loaded into the
> LDAP. "Clear-text" is NOT an option, and is not available either,
Oh, they're in AD, but they're not available through LDAP. See:
http://deployingradius.com/documents/configuration/active_directory.html
> Yes, I could use ntlm_auth and probably get it working, but this is
> supposed to be LDAP-based, not SAMBA. The LDAP could move to a
> different environment. Use of standards is important to us.
1) Ask Microsoft to expose the password through LDAP.
2) Use Samba.
3) Use a real LDAP server.
Those are your choices.
Alan DeKok.
More information about the Freeradius-Users
mailing list