802.1x with mschap-radius-ldap with ssha-1 passwords

Matt Ashfield mda at unb.ca
Mon Jul 17 21:16:37 CEST 2006

I was afraid you'd say that. What would you suggest as a workaround for this
problem? Could I do EAP-TTLS using the securew2 client instead? Or am I
better off creating a 2nd password attribute on the LDAP directory that is
maybe encoded as an NT-Password attribute or something like that.


Matt Ashfield
Network Analyst
Integrated Technology Services
University of New Brunswick
(506) 447-3033
mda at unb.ca 

-----Original Message-----
From: aland at nitros9.org [mailto:aland at nitros9.org] 
Sent: July 17, 2006 4:00 PM
To: mda at unb.ca; FreeRadius users mailing list
Subject: Re: 802.1x with mschap-radius-ldap with ssha-1 passwords

"Matt Ashfield" <mda at unb.ca> wrote:
> I'm trying to do 802.1x authentication using freeradius against an LDAP
> directory which stores the userPassword in an ssha-1 hash. My question is,
> is this possible? If so, how do I configure mschap for ssha-1 passwords?

  You don't.  It's impossible.

  Alan DeKok.

More information about the Freeradius-Users mailing list