FW: MS-CHAP-v2 and CHAP with different passwords in LDAP

Edvin Seferovic edvin.seferovic at kolp.at
Sat Dec 8 23:23:29 CET 2007


Hello list members,

before somebody yells "not again" - I just wish to ask if it is possible to
use MS-CHAP and CHAP authentication with a LDAP backend which contains
clear-text passwords as well as NT-Password ( used for MS-CHAP ) ??? Alan -
yes/no answer please :)

If positive - can somebody give me an example of attribute mapping to ldap
for both ( MS-CHAP and CHAP ) to work ? 

My setup with LDAP as backend is working with a mapping of NT-Password to
sambaNTPassword like this :

checkItem       NT-Password                     sambaNTPassword

MS-CHAP works just fine !

For CHAP I added 

password_header = "{clear}"
password_attribute = "userPassword"
password_radius_attribute = "User-Password"

to the LDAP module configuration. But unfortunately chap module doesn't like
my clear-text password ( stored in userPassword ) for authentication :( How
else can I say CHAP where to look for the clear-text password.

Any hints please ?

TIA !

Regards,
E:S




More information about the Freeradius-Users mailing list