EAP-TTLS (PAP) not working with NT domain - debian freeradius 1.1.7
James McOrmond
jamesm at xandros.com
Wed Mar 19 21:03:02 CET 2008
Alan DeKok wrote:
> James McOrmond wrote:
>
>> This is a Samba NT domain, not AD. I do not have access to the plain
>> text password through Samba or LDAP.
>>
>
> Samba is a lot friendlier about passwords than AD is.
>
Of course it is.. <G> I probably should have mentioned Samba in the
original message.
>> The "Protocol and Password Compatibility" chart and the "Authentication
>> Systems and Password Compatibility" chart from the "Deploying RADIUS:
>> The Book" page specifically say PAP/ntlm_auth is functional. Regular
>> CHAP is not because it requires the clear-text password.
>>
> The issue is convincing the database to give FreeRADIUS *something* to
> use for authentication. The web page lists ntlm_auth only because of AD
> limitations.
>
> With Samba, you just map the LDAP "ntpasswd" or "sambantpasswd"
> attribute to the RADIUS attribute. See ldap.attrmap.
>
OK. Definitely progress. It's authenticating with EAP-TTLS now as
well.. But..
Using SecureW2 in the Windows client - if I put anything in the DOMAIN
field, it doesn't work well - likely because my userid is still
jamesm at MOODIE when it attempts to connect to LDAP.
Possibly I have the ntdomain hack stuff wrong? Or maybe some realm
settings missing? suffix is enabled..
--
James A. McOrmond (jamesm at xandros.com)
Network Administrator
Xandros Corporation, Ottawa, Canada.
Morpheus: ...after a century of war I remember that which matters most:
*We are still HERE!*
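
Added example, not part of the original message and not FreeRADIUS code: a simplified Python model of the symptom described above, where the realm is still attached to the user name when the LDAP lookup is built. The function names, the `(uid=...)` filter shape, the sample user names and the rule that only realms the server knows about are stripped are assumptions made for illustration.

```python
# Simplified model (assumption): how a "suffix" (user@REALM) or "ntdomain"
# (REALM\user) name ends up in an LDAP search filter, with and without stripping.

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def split_realm(user_name):
    """Return (user, realm); realm is None when no usable realm is present."""
    if "\\" in user_name:
        # ntdomain style: realm is the prefix, split at the first backslash.
        realm, _, user = user_name.partition("\\")
    elif "@" in user_name:
        # suffix style: realm is the suffix, split at the last "@".
        user, _, realm = user_name.rpartition("@")
    else:
        return user_name, None
    if not user or not realm:
        # "@MOODIE" or "jamesm@" is not a usable user/realm pair.
        return user_name, None
    return user, realm


def ldap_filter(user_name, known_realms):
    """Build the LDAP filter for a login name.

    known_realms is a set of upper-cased realm names (hypothetical). The realm
    is stripped only when it is in that set; otherwise the full name is used,
    which is the failure mode reported in the message.
    """
    user, realm = split_realm(user_name)
    if realm is None or realm.upper() not in known_realms:
        user = user_name
    # Escape every value that reaches the filter, stripped or not.
    escaped = "".join(_LDAP_ESCAPES.get(ch, ch) for ch in user)
    return "(uid=%s)" % escaped


if __name__ == "__main__":
    # Constructed sample names, not taken from a real log.
    for name in ("jamesm@MOODIE", "MOODIE\\jamesm", "jamesm"):
        print(name, "->", ldap_filter(name, {"MOODIE"}), "|", ldap_filter(name, set()))
```

With the realm unknown, the ntdomain form reaches the directory as an escaped literal (`MOODIE\5cjamesm`), so the search finds no entry instead of the user.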