On Fri, Feb 03, 2017 at 08:59:12AM +0000, SolidSystems | Alex Grigorescu wrote:
But the goal is to be able to do user logins using the existing paswords without installing any 3rd party software on the clients (which is an impossible task).
Is there a way to make FreeRadius authenticate the users against OpenLDAP without having ClearText or NT Hash stored passwords?
No, MSCHAPv2 can only work with NT hash or cleartext passwords. The limitation is the protocols, not FreeRADIUS. See http://deployingradius.com/documents/protocols/compatibility.html Your only option with Windows (8 or newer) is to use EAP-TTLS/PAP. But Windows 7 can't do that without a 3rd party supplicant installed. Or, as you've found, either rehash all the passwords, or go one step better and use EAP-TLS with certificates. Matthew -- Matthew Newton, Ph.D. <mcn4@leicester.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>