Best/simplest authentication method to validate an encrypted user/password against encrypted known-good.
Alan DeKok
aland at deployingradius.com
Sat May 2 21:01:33 CEST 2020
On May 2, 2020, at 1:24 PM, Gleb Lisikh <in4bit.general at gmail.com> wrote:
>
> I was able to overcome the need for Cleartext password in MSCHAPv2 EAP inner tunnel authentication by adding python to /usr/local/etc/raddb/sites-enabled/inner-tunnel, as well as returning NT-Password in the config return.
> No other types of hashing have been otherwise recognized by mschap.
Yes, that's what you were told.
> It seems like a workable solution for now, unless this would be considered as not in line with best practices and/or will have some undesirable consequences.
As said before, Cleartext-Password and NT-Password are your only options. As such, using them is necessary.
This isn't about "best practices" or "undesirable consequences". Nothing else works, so these are your *only* practices.
Alan DeKok.
More information about the Freeradius-Users
mailing list