> isn't it fantastic? (freeRadius, i mean) �:) Full ack, using freeRadius is fun (even the code itself didn't scare me off, although I had only time to take a short glimpse).
> I think i'm gonna do PEAP + LDAP with MSCHAPv2, and I also have > crypted passwords... so what i'm planning to do is a middle step: > people will have to authenticate via web the first time, in order to check > the password. Then, if its correct the password will be hashed in the air > to NT format. This value will be stored in LDAP in the ntpassword (samba hm, we do this already, except the NT-hashed password is not kept on the UN*X side but immediately passed on to our windows servers. So this _might_ be a way do authenticate our local users. In the long run, we want make this part of DFNRoaming, a yet-to-build-network of german university RADIUS servers proxying each other ==> use one Account to log on to almost any german university network. This would _probably_ require the password itself. > I've tested it, and freeRadius correctly retrieves the LDAP ntpassword while > authorizing, and authenticate with it PEAP+MSCHAPv2 ok against an XP > client... How do you configure this, i.e. how do you make FreeRadius retrieve the NT-hashed password first? Cheers, Martin -- Dr. Martin Pauly Fax: 49-6421-28-26994 HRZ Univ. Marburg Phone: 49-6421-28-23527 Hans-Meerwein-Str. E-Mail: [EMAIL PROTECTED] D-35032 Marburg - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
