FreeRadius 2.1.1 - OpenLDAP + NT hash + PEAP

Alan DeKok aland at deployingradius.com
Thu Nov 13 08:44:07 CET 2008


CJ O wrote:
> Good Afternoon -
>  
> I've read through a lot of threads and documents and have
> pieced information together, however I am still having issues. We are
> running an OpenLDAP with the passwords encrypted. I know that PEAP
> requires the clear text password to be stored in the LDAP Server,

  No.  See:

http://deployingradius.com/documents/protocols/compatibility.html

> however, I've read also that as long as FreeRadius can get the NTLM
> Password from LDAP PEAP should work.
>  
> We have also created a custom attribute called ntPasswd that holds the NTLM
> Hash of the user's password. I have configured FreeRadius to authenticate
> to the LDAP server and set the password_attribute = ntPasswd. In the
> ldap.attrmap I've added two entries: checkItem LM-Password ntPasswd and
> checkItem NT-Password ntPasswd.
>  
> In eap.conf I've set default_eap_type = peap. In site-enable/default
> under authorize I've uncommented ldap.

 You need to uncomment it in raddb/sites-enabled/inner-tunnel.  See the
debug output.  It's running the inner-tunnel method, but LDAP isn't used
there.

  Alan DeKok.
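
The check described in the reply above, as an added example (not part of the original message and not FreeRADIUS code): a short Python script that lists which modules are uncommented directly inside the `authorize` section of a virtual server file, so a missing `ldap` in inner-tunnel shows up before a PEAP test. The two config snippets are constructed samples, not the poster's files, and the function names are hypothetical.

```python
# Constructed sample: outer virtual server with ldap uncommented.
DEFAULT_SITE = """
authorize {
	preprocess
	mschap
	eap {
		ok = return
	}
	ldap
}
"""

# Constructed sample: inner-tunnel server where ldap is still commented out.
INNER_TUNNEL = """
server inner-tunnel {
authorize {
	mschap
	eap {
		ok = return
	}
#	ldap
}
authenticate {
	Auth-Type MS-CHAP {
		mschap
	}
	eap
}
}
"""

def active_modules(config_text, section="authorize"):
    """Return names of modules listed (uncommented) directly in `section`."""
    stack, found = [], []
    for raw in config_text.splitlines():
        # Drop '#' comments (simplification: ignores '#' inside quoted strings).
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line == "}":
            if stack:
                stack.pop()
            continue
        name = line.rstrip("{").split()[0]
        if stack and stack[-1] == section:
            found.append(name)      # direct child of the section, e.g. "eap {"
        if line.endswith("{"):
            stack.append(name)      # descend into the nested block
    return found

def missing_in_inner(outer_text, inner_text, module="ldap"):
    """True when `module` is active in the outer server but not the inner one."""
    return module in active_modules(outer_text) and module not in active_modules(inner_text)

if __name__ == "__main__":
    print("outer authorize:", active_modules(DEFAULT_SITE))
    print("inner authorize:", active_modules(INNER_TUNNEL))
    print("ldap missing in inner-tunnel:", missing_in_inner(DEFAULT_SITE, INNER_TUNNEL))
```
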


