Brivaldo Junior wrote:
We use OpenLDAP here, and have many users with many fields userPassword each one with one hash like, MD5, SHA1, SSHA, SMD5 and others. Using PAP, work perfect, but, we want to use MSCHAPv2 because work with simple conf (thinking on user side) on Windows, MacOSX and sometimes Linux too. http://deployingradius.com/documents/protocols/compatibility.html [1]
I read this... ok.
Our idea is to get ClearText decoded on MSCHAP connection (get this information) and encode using OpenSSL (same form used on PAP) to check if hashes are the same of which were obtained from OpenLDAP. It's impossible. Alan DeKok.
I really try to understand why it's impossible, because another softwares like dovecot and postfix do this. I imagine, the FreeRadius work with auth using another form (OpenLDAP is used do retrieve information, not to parse or auth, and of course, I see this enviroment on FreeRadius, and like it). Get information of OpenLDAP, encode password from user, and compare each other, this idea is so simple, of course, on simple enviroment too. On this case, I will use the "hard way", to understand why it's impossible. Thanks for information Alan, Brivaldo Jr