Support for other hash (like MD5, SHA1) using MSCHAPv2

Brivaldo Junior brivaldo.junior at
Wed Feb 2 17:46:11 CET 2011

> Brivaldo Junior wrote:
>> We use OpenLDAP here, and have many users with many fields
> userPassword
>> each one with one hash like, MD5, SHA1, SSHA, SMD5 and others. Using
>> PAP, work perfect, but, we want to use MSCHAPv2 because work with
>> simple conf (thinking on user side) on Windows, MacOSX and sometimes
>> Linux too.
> [1]

 I read this... ok.

>> Our idea is to get ClearText decoded on MSCHAP connection (get this
>> information) and encode using OpenSSL (same form used on PAP) to 
>> check
>> if hashes are the same of which were obtained from OpenLDAP.
> It's impossible. Alan DeKok.

 I really try to understand why it's impossible, because another 
 like dovecot and postfix do this. I imagine, the FreeRadius work with
 auth using another form (OpenLDAP is used do retrieve information, not
 to parse or auth, and of course, I see this enviroment on FreeRadius, 
 and like it).

 Get information of OpenLDAP, encode password from user, and compare 
 each other,
 this idea is so simple, of course, on simple enviroment too. On
 this case, I will use the "hard way", to understand why it's 

 Thanks for information Alan,

 Brivaldo Jr

More information about the Freeradius-Devel mailing list