Freeradius with existing identity DB

Alan DeKok aland at
Mon May 8 14:40:37 CEST 2017

On May 8, 2017, at 7:57 AM, Simon Coy <simon at> wrote:
> I would like to attach a Freeradius instance to an existing database of users/passwords. identity stores passwords with the following hashing specification:
>         * PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000 iterations.
>         * Format: { 0x01, prf (UInt32), iter count (UInt32), salt length (UInt32), salt, subkey }
>         * (All UInt32s are stored big-endian.)
> Does anybody know if this is compatible with Freeradius out of the box?

  It's not supported.

> I can see from the docs that SHA-2 is supported but it's not clear to me whether the above configuration will work.

  If it was supported, the documentation would say so.

  It shouldn't be hard to add, tho.  As always, patches are welcome.

  Alan DeKok.

More information about the Freeradius-Users mailing list