Thank you for clarifying that for me. Since my "real" users are in the LDAP, I won't be using the 'users' file. So where do I define the Auth-Type? And what value should it be set to?
And I'm guessing that I can setup the ldap section of 'modules' to use the 'password_attribute' in which we store the ntPassword? Does that sound correct? Bryan -----Original Message----- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 14, 2003 7:55 AM To: [EMAIL PROTECTED] Subject: Re: LEAP, LDAP & NT-password "Woods, Bryan" <[EMAIL PROTECTED]> wrote: > This all works quite nicely with the test accounts that I setup in the > 'users' file: > > "testeap" Auth-Type := EAP, User-Password == "password" Don't set Auth-Type to EAP. If there is an EAP message in the request, then the EAP module will take care of setting Auth-Type for you. > The comments mention something about "...or the NT-Password > attributes...". So, I'm wondering if I can understand this to mean > that the NT password can be used instead of a clear text password?? Yes. > Since we already have the NT > hashed version of the password stored in our LDAP that would work > beautifully. Am I reading this correctly? Or is my understanding > clouded by my need to find a solution? If you can pull the NT-Password out of the LDAP database, the EAP/LEAP module can use it for authentication. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
