Greetings all, I'm quite new to FR and this list, but I have searched the archives and been unable to find the answers that I'm looking for.
I'm using 0.9.1 on a Slackware-based distro to provide LEAP authentication for wireless clients through a Cisco Aironet 1200 wireless network. The client is a Macintosh iBook running Mac OS 10.2.8 (the latest patches have been applied). This all works quite nicely with the test accounts that I set up in the 'users' file:

    "testeap" Auth-Type := EAP, User-Password == "password"

Now here's my problem: my "real" users are stored in an LDAP... The user passwords are stored in two attributes: in the userPassword attribute they're stored as MD5 hashed, and in ntPassword they're stored as Windows NT hashed. Nowhere in the LDAP are the passwords stored as clear text.

After questioning some of the other list members, I've learned that LEAP requires access to a clear text password. claufer was kind enough to point out this section of the radiusd.conf:

    # Cisco LEAP
    #
    # Cisco LEAP uses the MS-CHAP algorithm (but not
    # the MS-CHAP attributes) to perform it's
    # authentication.
    #
    # As a result, LEAP *requires* access to the plain-text
    # User-Password, or the NT-Password attributes.
    # 'System' authentication is impossible with LEAP.

The comments mention something about "...or the NT-Password attributes...". So, I'm wondering if I can understand this to mean that the NT password can be used instead of a clear text password?? Since we already have the NT hashed version of the password stored in our LDAP, that would work beautifully.

Am I reading this correctly? Or is my understanding clouded by my need to find a solution?

I will greatly appreciate any comments or suggestions that can be offered.

Bryan Woods
Pomona Unified School District
Pomona, CA
(909)397-4800
