FreeRadius + OpenLDAP (SMD5) + Windows XP
Phil Mayers
p.mayers at imperial.ac.uk
Fri Feb 9 12:19:56 CET 2007
Mercier Romain wrote:
> Hi,
>
> I got a simple question but I don?t find anything to answer it.
> Situation:
> I got a database OpenLDAP which contains users info, mainly ?uid? and
> ?userPassword? crypt with SMD5 and I can?t modify this encryption
> type. I want Wireless users to have to authenticate to access the WLAN
> without installing anything on users' PC (mainly Windows XP PCs).
That's impossible I'm afraid.
> Question:
> Does anybody know if there is a way to authenticate users using this
> password ?
>
> I tried using a clear-text password and that works but I cannot and
> don't want to change userPassword encryption.
Windows XP can only do:
EAP-TLS (using client and server X.509 certificates)
EAP-PEAP/MS-CHAPv2 (using server certs, and client username/password)
To authenticate the MS-CHAP portion of the latter, FreeRadius must have
either the plaintext password, the NT/LM hashes, or access to a domain
controller via Samba and use of the ntlm_auth helper.
If you don't want to install any software and don't have plaintext/NT/LM
passwords, you're stuck.
More information about the Freeradius-Users
mailing list