CHui wrote:
I would like to know if anyone has a work around to support PEAP (ms chap v2) client access authenticate against a LDAP server with bind operation. Currently, retrieving clear text password from LDAP is not an option.
No this is not possible. Only way you can authenticate via LDAP bind is using TTLS with PAP as inner tunnel authentication.
If you do need to use PEAP you will have to add NT/LM hashes in your LDAP directory. To do that extend the schema with Samba objects and download the smbldap-tools package. Of course this will involve users having to reset their passwords since you can't convert from MD5 to NT/LM.
Vladimir
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
