> AD doesn't supply passwords through LDAP. That's why the server
> ships with support for ntlm_auth.
That is right, I forgot that even if you are on a ssl/tls ldap connection as an administrator, you can't pull the password back from AD. What "hooks" are you talking about? The extensions for unix services?

--
Chris Liles

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Thursday, May 25, 2006 11:36 AM
To: FreeRadius users mailing list
Subject: Re: PEAP + AD

"Chris Liles" <[EMAIL PROTECTED]> wrote:
> But I have also read about some guy successfully using OpenLDAP with
> PEAP because he stored the LM and NT password hashes in the ldap
> schema along with the clear text password. With AD I suppose you
> could extend the schema to store these as well, but you'd have to
> manually update them when a password changes.

Yes. There are hooks in AD to do just that, but the software implementing the hooks has to be installed on every domain controller.

> In my attempts to use ldap with active directory for PEAP it
> wouldn't work, so I went samba. It works fine. Radiusd -X and the
> mailing list are your best friends. :)

AD doesn't supply passwords through LDAP. That's why the server ships with support for ntlm_auth.

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

