Hi,

 

We’re looking into using PEAP with MSChapV2,  instead of PAP (don’t want to use the SecureW2 client anymore) so are investigating ways to store the password in LDAP.

 

According to http://deployingradius.com/documents/protocols/compatibility.html ,the options are storing the password in Clear-Text or in an NT Hash (ntlm_auth).

 

In talking with our LDAP people, I was told the following:

SunOne does not support nt-hash passwords. Supported formats are CLEAR, CRYPT, DES, NS-MTA-MD5 (Netscape MD5), SHA, and SSHA.

Fedora Directory Server 1.1.0 supports CLEAR, CRYPT, DES, MD5, NS-MTA-MD5, SHA, SHA256, SHA384, SHA512, SSHA, SSHA256, SSHA384, and SSHA512.

 

 

It sounds to me like if we want to do PEAP/MSChapV2 we’d have to store the password in cleartext? I would just like to verify this via this list.

 

Any advice is appreciated.

 

Thanks

 

Matt

mda@unb.ca