FDS + Freeradius = pain.

Alan DeKok aland at ox.org
Fri Feb 3 19:15:18 CET 2006

Joey McDonald <jmcdice at gmail.com> wrote:
> Well, I'm not using windows systems at all - I've got OSX clients and a
> linux-based PPTP server. The passwords are stored as SSHA in my LDAP
> directory. That finally makes sense as to why radtest works, so thanks!

  And it explains why MS-CHAP will never work.  It's *impossible*.

> My next question is, what Auth-Type should I be using for SSHA's
> stored in an LDAP directory. Clearly LDAP isn't going to be it if it
> doesn't support decrypting passwords and I don't wish to store
> passwords in plain text in the directory.

  Then you can't do MS-CHAP.  It's a s simple as that.

  If you're not willing to store clear-text passwords, you can store
NT-Passwords in LDAP.  But that's your ONLY other option to get
MS-CHAP to work.

  Alan DeKok.

More information about the Freeradius-Users mailing list