Barry Stewart <[EMAIL PROTECTED]> wrote:
> I know you need to bind to LDAP with a clear text password.  Apparently 
> this isn't possible with eap/peap.

  Exactly.

> According to the docs you need to extract the password from LDAP
> first and then do the comparison from instead of authenticating from
> LDAP.  Does this mean the passwords in the LDAP directory have to be
> stored in plain text?

  Or as NT-Passwords (MD4 hashes of the plain-text password).

>     When I set the Windows XP clients up with ms-chapv2/peap I was able 
> to authenticate from clear text passwords in the users file.  I don't 
> know much about ms-chap.  Is it a one-way encryption algorithm such as
> MD5?

  Yes.

> I am running radiusd in debugging mode and it seems to be failing with 
> the following:
> 
> rlm_ldap: - authenticate
> rlm_ldap: Attribute "User-Password" is required for authentication.

  You have told the server to do username/password binding to LDAP,
for authentication.  Don't do this for PEAP.

> I'm guessing the problem is that the password just isn't being sent
> in clear text so the module quits.

  The problem is also that you're setting Auth-Type to LDAP when
you're not supposed to.

  Don't set it to anything.  The server will figure it out for itself.

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html