I assume by PEAP, you mean the most-often-seen PEAP/EAP-MSCHAPv2. In this case, MD5 is not involved anywhere. The passwords are hashed differently. As such, you must either have an NT hashed password (which is actually a unicode-encoded MD4 hash of the password) or a cleartext password in your directory. --Mike On Jun 6, 2006, at 3:36 AM, thomas hahusseau wrote:
Hello,
I would like to use PEAP to perfome authentication of wlan users , I choose PEAP because Users and Passwords are in an LDAP Server (OPEN-LDAP). According to me PEAP works like this :
Phase 1 :: TLS handshake the server authenticate to the client as a trusted radius serveur and a cipher tunel is created. Phase 2 :: Login + Password + Domain hashed with MD5 are send to the Radius Server which ask LDAP server for password and login.
acording to the doc file : realm_eap , freeradius supports only eap-tls (authentication based only on certificates (client + server ) lead and eap-MD5 ( according to me even if PEAP use MD5 hash , the EAP-MD5 is different with no mutual autenthication and no TLS handshake )
I dont want to use a full certifcate based solution like EAP-TLS or a authentification with no ciphered tunel like with EAP-MD5
Anyone could help me for using PEAP (or at least authentication with the two phases described upper) with freeradius ?
thank you.
Ps : sorry for english mistakes :) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html