Freeradius support for password compatibility
Hello, I would like to have some information about Freeradius supports for RADIUS protocol and password compatibility. I already looked at https://networkradius.com/articles/2021/08/23/protocols-and-password-compati bility.html. I use EAP-TTLS/PAP to authenticate my users, and I would like to know if freeradius is able to apply a hash to the cleartext password transmitted within PAP module, when passwords are stored with an SHA256 or SHA512 encryption in an LDAP; or do I have to use "ldap bind as users" instead of the PAP module to authenticate my users. Thank you for your help, Florent VERCOURT
On Feb 9, 2023, at 8:02 AM, florentvercourt@gmail.com wrote:
I use EAP-TTLS/PAP to authenticate my users, and I would like to know if freeradius is able to apply a hash to the cleartext password transmitted within PAP module, when passwords are stored with an SHA256 or SHA512 encryption in an LDAP; or do I have to use "ldap bind as users" instead of the PAP module to authenticate my users.
Read "man rlm_pap". It can handle all of the common password formats The LDAP module will read the password from the database, and the PAP module will authenticate the user. All you need to do is configure the LDAP module, enable it, and send the server an Access-Request. It will work. Alan DeKok.
participants (2)
-
Alan DeKok -
florentvercourt@gmail.com