Alan, I didn't find any option for the mschapv2 problem in your web page. Unencrypt ldap passwords is not a smart solution. It seems that windos xp client only accept mschapv2 or TLS to authenticate, if a use TLS, I cannot use ldap because only the client certificate is used to authenticate. In my network, I need to authenticate with the mail passwords stored in ldap. Server: red hat with freeradius Client: windows xp sp2 Protocols: PEAP + MSCHAPv2 + LDAP I don't use TLS because it only uses certificates to authenticate. Do you have any suggestion??? Alan DeKok <aland@deployingradius.com> escreveu: Eduardo Lima wrote:
So I'll have to unencrypt all the ldap passwords to use mschapv2???
Yes. See the web page for your options.
What about the ldap database security??
The LDAP database has to be kept secure. Please go read the web page again. If you want to use MS-CHAP, your options are limited for how to store passwords. If you don't like those options, then don't use MS-CHAP. If you want to store passwords via a different method than is permitted in the table, AND you want to use MS-CHAP, then you need to change your requirements to match reality. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --------------------------------- Abra sua conta no Yahoo! Mail, o único sem limite de espaço para armazenamento!