I was afraid you'd say that. What would you suggest as a workaround for this problem? Could I do EAP-TTLS using the securew2 client instead? Or am I better off creating a 2nd password attribute on the LDAP directory that is maybe encoded as an NT-Password attribute or something like that. Thanks Matt Ashfield Network Analyst Integrated Technology Services University of New Brunswick (506) 447-3033 mda@unb.ca -----Original Message----- From: aland@nitros9.org [mailto:aland@nitros9.org] Sent: July 17, 2006 4:00 PM To: mda@unb.ca; FreeRadius users mailing list Subject: Re: 802.1x with mschap-radius-ldap with ssha-1 passwords "Matt Ashfield" <mda@unb.ca> wrote:
I'm trying to do 802.1x authentication using freeradius against an LDAP directory which stores the userPassword in an ssha-1 hash. My question is, is this possible? If so, how do I configure mschap for ssha-1 passwords?
You don't. It's impossible. Alan DeKok.