Hi,
We’re looking into using PEAP with MSChapV2, instead
of PAP (don’t want to use the SecureW2 client anymore) so are
investigating ways to store the password in LDAP.
According to http://deployingradius.com/documents/protocols/compatibility.html
,the options are storing the password in Clear-Text or in an NT Hash
(ntlm_auth).
In talking with our LDAP people, I was told the following:
SunOne does not
support nt-hash passwords. Supported formats are CLEAR, CRYPT, DES, NS-MTA-MD5
(Netscape MD5), SHA, and SSHA.
Fedora Directory Server 1.1.0 supports CLEAR, CRYPT, DES, MD5, NS-MTA-MD5, SHA,
SHA256, SHA384, SHA512, SSHA, SSHA256, SSHA384, and SSHA512.
It sounds to me like if we want to do PEAP/MSChapV2 we’d
have to store the password in cleartext? I would just like to verify this via
this list.
Any advice is appreciated.
Thanks
Matt
mda@unb.ca