"Chris Liles" <[EMAIL PROTECTED]> wrote: > But I have also read about some guy successfully using OpenLDAP with > PEAP because he stored the LM and NT password hashes in the ldap > schema along with the clear text password. With AD I suppose you > could extend the schema to store these as well, but you'd have to > manually update them when a password changes.
Yes. There are hooks in AD to do just that, but the software implementing the hooks has to be installed on every domain controller. > In my attempts to use ldap with active directory for PEAP it > wouldn't work, so I went samba. It works fine. Radiusd -X and the > mailing list are your best friends. :) AD doesn't supply passwords through LDAP. That's why the server ships with support for ntlm_auth. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html