On 04/25/2011 02:44 PM, schilling wrote:
Could we extend the AD schema with another accessible ntPassword hash, and thus use LDAP against AD for PEAP/MSCHAP?
Yes, if you know everyones plaintext password. But if you do, you don't have this problem at all; you can just store Cleartext-Password in some secured SQL database and use that.
In short: it's usually impractical. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
