> I am trying to authenticate my network against Windows 2003 Active
> Directory. With help from Ivan Kalik, I was able to use NTLM to
> communicate with Windows 2003 server and authenticate EAP clients. On
> the EAP side I am using PEAP since they are mostly Windows XP clients
> and I don't think there is another choice (please correct me if I am
> wrong). However on the Radius server side, I seem to have options. It
> seems that I can use NTLM, Kerberos 5 or LDAP to authenticate with
> Windows Domain Controller. So my questions are:
>
> Can I use any of them?

No. Kerberos requires clear password in radius request, so it can't be used with peap. AD is sort of a (deliberately) broken ldap server. It won't pass the clear text password to non-Windows radius server - only to IAS. So you can't use AD as ldap for peap either. ntlm_auth it is.

Ivan Kalik

