EAP-PEAP/MS-ChapV2 password storing options
Hi All, I'm sure this is a simple question, and I thought I'd pose it here in hopes of a quick response. We're trying to implement username/password authentication and so far are using EAP-PAP (with secureW2 client) because our passwords are stored in LDAP in a 1-way encrypted hash. We're hoping to get away from this secureW2 implementation and would like to use Windows built-in authentication, which seems to be EAP-PEAP with MS-ChapV2 authentication. As such, we're meeting with the LDAP folks to negotiate how to store passwords in LDAP...soo...my question is: In order to get EAP-PEAP/MS-ChapV2 to work with FreeRadius, what are my options for storing the password in LDAP? Does it have to be clear-text? Thanks Matt mda@unb.ca
Matt Ashfield wrote:
In order to get EAP-PEAP/MS-ChapV2 to work with FreeRadius, what are my options for storing the password in LDAP? Does it have to be clear-text?
I think this is what you want: http://deployingradius.com/documents/protocols/compatibility.html -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com
Matt Ashfield wrote:
We're trying to implement username/password authentication and so far are using EAP-PAP (with secureW2 client) because our passwords are stored in LDAP in a 1-way encrypted hash.
What's EAP-PAP?
We're hoping to get away from this secureW2 implementation and would like to use Windows built-in authentication, which seems to be EAP-PEAP with MS-ChapV2 authentication.
What's wrong with SecureW2?
In order to get EAP-PEAP/MS-ChapV2 to work with FreeRadius, what are my options for storing the password in LDAP? Does it have to be clear-text?
http://deployingradius.com/documents/protocols/compatibility.html Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Thanks for the link! BTW, I have nothing against SecureW2, but if we don't have to install an extra piece of software on 10,000 computers on campus, I'd like to avoid it! Matt -----Original Message----- From: Alan DeKok [mailto:aland@deployingradius.com] Sent: February 13, 2007 2:57 AM To: mda@unb.ca; FreeRadius users mailing list Subject: Re: EAP-PEAP/MS-ChapV2 password storing options Matt Ashfield wrote:
We're trying to implement username/password authentication and so far are using EAP-PAP (with secureW2 client) because our passwords are stored in LDAP in a 1-way encrypted hash.
What's EAP-PAP?
We're hoping to get away from this secureW2 implementation and would like to use Windows built-in authentication, which seems to be EAP-PEAP with MS-ChapV2 authentication.
What's wrong with SecureW2?
In order to get EAP-PEAP/MS-ChapV2 to work with FreeRadius, what are my options for storing the password in LDAP? Does it have to be clear-text?
http://deployingradius.com/documents/protocols/compatibility.html Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (3)
-
Alan DeKok -
Dennis Skinner -
Matt Ashfield