EAP-TTLS (PAP) not working with NT domain - debian freeradius 1.1.7
Alan DeKok
aland at deployingradius.com
Wed Mar 19 19:22:19 CET 2008
James McOrmond wrote:
> This is a Samba NT domain, not AD. I do not have access to the plain
> text password through Samba or LDAP.
Samba is a lot friendlier about passwords than AD is.
> The "Protocol and Password Compatibility" chart and the "Authenticaiton
> Systems and Password Compatibility" chart from the "Deploying RADIUS:
> The Book" page specifically says PAP/ntlm_auth is functional. Regular
> CHAP is not because it requires the clear-text password.
The issue is convincing the database to give FreeRADIUS *something* to
use for authetnication. The web page lists ntlm_auth only because of AD
limitations.
With Samba, you just map the LDAP "ntpasswd" or "sambantpasswd"
attribute to the RADIUS attribute. See ldap.attrmap.
Alan DeKok.
More information about the Freeradius-Users
mailing list