Hello, > I was trying to use PAM authentication with freeradius for Win XP > client (PEAP). I was getting error in the tls section. I posted to > freeradius userlist. I got the reply as below. Is this right?. If not, Can > I use LDAP+PEAP+freeradius.
Yes, the info was right. But _still_, your chances are very good that you can use LDAP: your LDAP server needs to store the user passwords in clear text and allow your LDAP admin user to retrieve them. This is a common scheme in most LDAP instances, the notable exception being ActiveDirectory. But even with ActiveDirectory you could do PEAP, it would just be a little m,ore complicated than I outlined below (ntlm_auth, as the text you quoted suggested). Greetings, Stefan Winter >================================== You cannot use PAM to answer PEAP/MS-CHAP > requests. You must either have the plaintext password for the user, the NT > or LM hashes for their password, or access to an NT domain controller and > use the "ntlm_auth" helper in the mschap module. > > =========================================================================== Greetings -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473
pgpuGAfxdkDhA.pgp
Description: PGP signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html