CJ O wrote: > Good Afternoon - > > I've read through a lot of threads and documents and have > piced information together, however I am still having issues. We are > running an OpenLDAP with the passwords encrypted. I know that PEAP > requires the clear text password to be stored in the LDAP Server,
No. See: http://deployingradius.com/documents/protocols/compatibility.html > however, I've read also that as long as FreeRadius can get the NTLM > Password from LDAP PEAP should work. > > We have also created a custom attribute call ntPasswd that hold the NTLM > Hash of the users password. I have configured FreeRadius to authenicate > to the LDAP server and set the password_attribute = ntPasswd. In the > ldap.attrmap I've added to entries checkItem LM-Password ntPasswd and > checkItem NT-Password ntPasswd. > > In eap.conf i've set default_eap_type = peap In site-enable/default > under authorize I've uncommented ldap. You need to uncomment it in raddb/sites-enabled/inner-tunnel. See the debug output. It's running the inner-tunnel method, but LDAP isn't used there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html