Hi, > no i don't have AD. > > in other word, i cannot use windows xp supplicant EAP-MSCHAPv2 to make the > authentication protocol to authenticate users in openldap database using > ssha1 password, that's right?
correct: http://deployingradius.com/documents/protocols/oracles.html PEAPv0/MS-CHAPv2 requires MSCHAPv2 - thats challenge response. the client never supplies the real password - therefore you cannot compare to a password stored in LDAP. what you need to use is an EAP method that uses PAP....eg EAP-TTLSv0/PAP try using a supplicant on the windows machine that gives you this eg http://open1x.sourceforge.net/ http://www.securew2.com/ ...or grab a Mac OSX machine to do further testing - they have TTLS/PAP support natively. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html