On Jul 15, 2016, at 11:34 AM, Dom Latter <freeradius-users@latter.org> wrote:
Hi all,
for a couple of years now we have been using freeradius to support a Wifi network. We are using WPA2-Enterprise. We need to support clients running any and every operating system.
Currently we store passwords as plain text in a "radcheck" table in the database.
I am experimenting with replacing "User-Password" (yes, I know it should be "Cleartext-Password") with an "NT-Password" generated by smbencrypt.
So far it seems mostly okay with Windows, Android, iOS and MacOS. And Linux.
Are there any pitfalls or gotchas to watch out for? Any systems that only do MSCHAPv1 (which I believe requires the plain text password).
No. All modern supplicants and authentication clients use MSCHAPv2. The most common applications are PEAPv0 and PPTP. There's not a huge advantage in storing unsalted MD4 hashed passwords. -Arran