Am 26.05.2008 um 15:41 schrieb Matt Ashfield:

Hi,

 

We’re looking into using PEAP with MSChapV2,  instead of PAP (don’t want to use the SecureW2 client anymore) so are investigating ways to store the password in LDAP.

 

According to http://deployingradius.com/documents/protocols/compatibility.html ,the options are storing the password in Clear-Text or in an NT Hash (ntlm_auth).

 

In talking with our LDAP people, I was told the following:

SunOne does not support nt-hash passwords. Supported formats are CLEAR, CRYPT, DES, NS-MTA-MD5 (Netscape MD5), SHA, and SSHA.

Fedora Directory Server 1.1.0 supports CLEAR, CRYPT, DES, MD5, NS-MTA-MD5, SHA, SHA256, SHA384, SHA512, SSHA, SSHA256, SSHA384, and SSHA512.

 

 

It sounds to me like if we want to do PEAP/MSChapV2 we’d have to store the password in cleartext? I would just like to verify this via this list.


Yes, not any of the formats is NT Hash.

(NT Hash is the MD4 hash of the UTF-16LE encoding of the password.)

 

Any advice is appreciated.

 

Thanks


Have a nice day!

 

Matt

mda@unb.ca

 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Nicolas Goutte

 
extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany
 
Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
Registergericht: Amtsgericht Münster / HRB: 5624
Steuer Nr.: 337/5903/0421 / UstID: DE 204607841