On Monday 15 March 2010 13:42:11 Alan Buxey wrote:
> Hi,
>
> > no i don't have AD.
> >
> > in other words, i cannot use windows xp supplicant EAP-MSCHAPv2 to make
> > the authentication protocol to authenticate users in openldap database
> > using ssha1 password, that's right?
>
> correct: http://deployingradius.com/documents/protocols/oracles.html
>
> PEAPv0/MS-CHAPv2 requires MSCHAPv2 - that's challenge response.
>
> the client never supplies the real password - therefore you cannot compare
> to a password stored in LDAP.
>
> what you need to use is an EAP method that uses PAP....eg EAP-TTLSv0/PAP

You can use EAP-PEAP as long as you also store samba NT/LM hashes in LDAP (sambaLMPassword and sambaNTPassword). If you have these hashes you may use the Windows XP built-in supplicant.

> try using a supplicant on the windows machine that gives you this eg
>
> http://open1x.sourceforge.net/
>
> http://www.securew2.com/
>
> ...or grab a Mac OSX machine to do further testing - they have TTLS/PAP
> support natively.
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html