schilling wrote:
> We are trying to use ldap as backend database for dot1x peap
> authentication thru freeradius. The following link has good
> explanation.
>
> http://vuksan.com/linux/dot1x/802-1x-LDAP.html

Note it's 5 years old...

> But do we really need both ntpassword and lmpassword in the ldap directory?

No.

> windows client send username and ntpassword to NAS
> NAS send the username/ntpassword to radius in a tunnel
> radius unwrap the tunnel, using the username to fetch the ntpassword
> from ldap, do a comparison of ldap returned ntpassword and unwrapped
> ntpassword, if they are the same, authentication accept.

No. It's a *lot* more complicated than that.

All you need to do is to uncomment "ldap" in raddb/sites-available/inner-tunnel, and it should work.

Alan DeKok.