FreeRadius 2.1.1 - OpenLDAP + NT hash + PEAP

CJ O isodge at hotmail.com
Thu Nov 13 18:42:26 CET 2008


Alan - 

Thank you. Making the change to the inner-tunnel worked.

Regards
CJ

> Date: Thu, 13 Nov 2008 08:44:07 +0100
> From: aland at deployingradius.com
> To: freeradius-users at lists.freeradius.org
> Subject: Re: FreeRadius 2.1.1 - OpenLDAP + NT hash + PEAP
> 
> CJ O wrote:
> > Good Afternoon -
> >  
> > I've read through a lot of threads and documents and have
> > pieced information together, however I am still having issues. We are
> > running an OpenLDAP with the passwords encrypted. I know that PEAP
> > requires the clear text password to be stored in the LDAP Server,
> 
>   No.  See:
> 
> http://deployingradius.com/documents/protocols/compatibility.html
> 
> > however, I've read also that as long as FreeRadius can get the NTLM
> > Password from LDAP PEAP should work.
> >  
> > We have also created a custom attribute called ntPasswd that holds the NTLM
> > Hash of the users password. I have configured FreeRadius to authenticate
> > to the LDAP server and set the password_attribute = ntPasswd. In the
> > ldap.attrmap I've added two entries checkItem LM-Password ntPasswd and
> > checkItem NT-Password ntPasswd.
> >  
> > In eap.conf I've set default_eap_type = peap. In site-enable/default
> > under authorize I've uncommented ldap.
> 
>  You need to uncomment it in raddb/sites-enabled/inner-tunnel.  See the
> debug output.  It's running the inner-tunnel method, but LDAP isn't used
> there.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html