On May 2, 2020, at 1:24 PM, Gleb Lisikh <in4bit.general@gmail.com> wrote:
I was able to overcome the need for Cleartext password in MSCHAPv2 EAP inner tunnel authentication by adding python to /usr/local/etc/raddb/sites-enabled/inner-tunnel, as well as returning NT-Password in the config return. No other types of hashing have been otherwise recognized by mschap.
Yes, that's what you were told.
It seems like a workable solution for now, unless this would be considered as not in line with best practices and/or will have some undesirable consequences.
As said before, Cleartext-Password and NT-Password are your only options. As such, using them is necessary. This isn't about "best practices" or "undesirable consequences". Nothing else works, so these are your *only* practices. Alan DeKok.