Authentification link with PEAP + PAM + LDAP

Alan DeKok aland at nitros9.org
Wed Jun 7 16:48:10 CEST 2006


"thomas hahusseau" <thomas.hahusseau at gmail.com> wrote:
> So I wonder if that kind of authentication is possible.
> 
> PEAP(MsCHAP) request --> Freeradius server (extract the hashed
> password )

  There is NO hashed password in MSCHAP.  Extraction is IMPOSSIBLE.

> PAM is used as mediator to permit comparason with hashed stocked in OpenLDAP.

  PAM is not a magic solution that lets you do something FreeRADIUS
can't.  PAM does a lot LESS than FreeRADIUS, in fact.

> My boss only wants cipher/hashed password and login.

  As Joe said, store NT-Password in LDAP.

  Alan DeKok.




More information about the Freeradius-Users mailing list