thank you for your quick and clear answer. between lines:
------------------------------
Message: 3 Date: Sun, 21 Sep 2014 02:33:01 +0200 From: Sven Hartge <sven@svenhartge.de> To: freeradius-users@lists.freeradius.org Subject: Re: using userPassword instead sambaNTPassword Message-ID: <541E1CBD.4050604@svenhartge.de> Content-Type: text/plain; charset="windows-1252"
On 19.09.2014 20:26, Nicol?s Guerra wrote:
please forgive my ignorance, I'm new in freeRADIUS, I'm just trying to make it work as I'd been asked (users should authenticate with the userPassword attr). You can't. Unless the userPassword attributed stores the password in plain text, it is mathematically impossible to get this to work with MS-CHAPv2. And by saying "impossible" I mean "impossible". It will never work. It can never work. Stop trying to get it to work. thank you for this advised ;-) You have some options:
a) Store the password also in a different attribute in plain text. Use that instead of the userPassword attribute for MS-CHAPv2. this is no the idea. plain text passwords are not secure in this working enviroment. b) Store the password also in the sambaNTPassword attribute, hashed in the format it needs to be. it does work this way, but the idea of using userPassword, is not depend of a samba user, or samba. c) Don't use MS-CHAPv2 but PAP. This will not work with any Windows prior to Windows 8. If you need to support Windows XP/Vista/7 without additional tools, this is no option for you. I liked this one, I'll try PAP, just one question, how about macOS? any problem with MAC? I don't care too much for oldest windows, in my job almost every windows is up to 8, or 8.1 and Linux works like a charm :-)
Gr??e, Sven. Sds, Nicolas.