Hi, > I've been working on Freeradius with XP supplicants for a while but so far I > could't make it. Authentication against Active Directory works like a charm > (http://deployingradius.com/documents/configuration/active_directory.html).
whats going wrong with your windows XP clients? this isnt hard stuff really, thousands of sites use it in this way. > I want to authenticate several users against AD keeping in mind the following > conditions: > - Not use of certificates at all. > - Transparent authentication of clients in wireless networks using MS-CHAPv2 > (username and password they use to authenticate against AD). as Alan has said, impossible. you will need at least one certificate to be involved - thats the server cert. if you are worrying about deployment of the server cert and dont care that someone else can get such a cert then just get your server cert signed by a CA that comes with windows as standard (eg some VeriSign or such...). then its just a case of configuring the eap.conf section, configuring inner-tunnel to match requirements and then configure the windows . choose PEAP, -> dont login as login ID (unless login/pass is same as AD details!) configure the trust, set the server name to the CN in your cert, tick the correct CA dont login as guest ...thats pretty much it. then radiusd -X on this list if you have issues. i mean, what could go wrong? ;-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
