PEAP w/ freeradius to LDAP storing ntPassword
Alan DeKok
aland at deployingradius.com
Wed Oct 6 20:19:09 CEST 2010
schilling wrote:
> We are trying to use ldap as backend database for dot1x peap
> authentication through freeradius. The following link has a good
> explanation.
>
> http://vuksan.com/linux/dot1x/802-1x-LDAP.html
Note it's 5 years old...
> But do we really need both ntpassword and lmpassword in the ldap directory?
No.
> Windows client sends username and ntpassword to NAS
> NAS sends the username/ntpassword to radius in a tunnel
> radius unwraps the tunnel, uses the username to fetch the ntpassword
> from ldap, does a comparison of the ldap returned ntpassword and unwrapped
> ntpassword; if they are the same, authentication accept.
No. It's a *lot* more complicated than that.
All you need to do is to uncomment "ldap" in
raddb/sites-available/inner-tunnel, and it should work.
Alan DeKok.