Hi Alan, its also possible to use PEAP-GTC (prefered). If I see this table it should be possible to use also encrypted passwords with EAP-GTC.
But in this case I never get a working configuration. 2009/8/7 Alan DeKok <[email protected]> > Steffen Langhammer wrote: > > The LDAP-Server doesn't contain a clear-text password. They are > > encrypted and this isn't allowed to change. > > hhttp://deployingradius.com/documents/protocols/compatibility.html > > > The password field is "userPassword". > > > > I was testing my LDAP-Configuration in Freeradius with NTRadPing. > > If I make an authentication Request I get a response: Access_accept. > > I am happy that freeradius can speak to LDAP :-)) > > > > Now my problem is: > > The wireless client is configured to LEAP, I enter the same user and > > password as in NTRadPing Utility. But I don't get access. > > Your requirements are impossible to satisfy. > > > I don't understand what I have done wrong. > > Maybee the eap-module is not able to forward the bind to the LDAP-Server > ? > > No. Read the page given by the URL above. What you want to do is > impossible. > > > If i use LEAP and set the password_attribute to an cleartext field in > > ldap it works. > > Exactly. > > > I was setting as password_attribute the field to givenname and enter as > > passwort the givenname of user. > > > > If I use the LEAP mode on the client the login to WLAN works fine (by > > using cleartext) > > But I have to use the encrypted password in LDAP because of security > > reasons. > > > > What can I do ? > > Read the last section of that web page. > > Trying to do the impossible is an effort in futility. Change your > requirements to something that is possible to do. > > My suggestion: don't do LEAP. It's insecure. Use another EAP method > such as TTLS. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
