FR and PEAP question
Matt Ashfield
mda at unb.ca
Mon May 26 15:41:17 CEST 2008
Hi,
We're looking into using PEAP with MSChapV2, instead of PAP (don't want to
use the SecureW2 client anymore) so are investigating ways to store the
password in LDAP.
According to
http://deployingradius.com/documents/protocols/compatibility.html ,the
options are storing the password in Clear-Text or in an NT Hash (ntlm_auth).
In talking with our LDAP people, I was told the following:
SunOne does not support nt-hash passwords. Supported formats are CLEAR,
CRYPT, DES, NS-MTA-MD5 (Netscape MD5), SHA, and SSHA.
Fedora Directory Server 1.1.0 supports CLEAR, CRYPT, DES, MD5, NS-MTA-MD5,
SHA, SHA256, SHA384, SHA512, SSHA, SSHA256, SSHA384, and SSHA512.
It sounds to me like if we want to do PEAP/MSChapV2 we'd have to store the
password in cleartext? I would just like to verify this via this list.
Any advice is appreciated.
Thanks
Matt
mda at unb.ca
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080526/53cbb2d5/attachment.html>
More information about the Freeradius-Users
mailing list