PEAP with LDAP as authentication source
Óscar Remírez de Ganuza Satrústegui
oscarrdg at unav.es
Tue Aug 30 11:01:17 CEST 2016
Good morning,
<http://www.unav.edu/web/it/>
On Mon, Aug 29, 2016 at 2:02 PM, Ana Gallardo Gómez <anaougu at gmail.com>
wrote:
> > I don't know if I can use PEAP with LDAP as authentication source...
> >
> > Yes, you can. But you have to use LDAP as a *database*. You cannot do
> > an LDAP bind.
> >
>
> Ok, I can't becouse my passwords are store in crypt...
>
In order to do MSCHAPv2 auth, you must store your passwords in LDAP as
Cleartext passwd or NTpassword. And get them to let freeradius create
mschapv2 hashes.
See [1].
Otherwise, you can use ntlm_auth/winbind to let freeradius authenticate
against a Windows Domain (samba/Active Directory).
See [2]
Regards,
[1] http://deployingradius.com/documents/protocols/compatibility.html
[2] http://deployingradius.com/documents/configuration/active_directory.html
*Oscar Remírez de Ganuza Satrústegui*
IT Services
Universidad de Navarra
Tel. +34 948425600 x803130
http://www.unav.edu/web/it/
More information about the Freeradius-Users
mailing list