FreeRadius + OpenLDAP (SMD5) + Windows XP

Phil Mayers p.mayers at
Fri Feb 9 12:19:56 CET 2007

Mercier Romain wrote:
> Hi,
> I got a simple question but I don?t find anything to answer it.
> Situation:
> I got a database OpenLDAP which contains users info, mainly ?uid? and  
> ?userPassword? crypt with SMD5 and I can?t modify this encryption  
> type. I want Wireless users to have to authenticate to access the WLAN  
> without installing anything on users' PC (mainly Windows XP PCs).

That's impossible I'm afraid.

> Question:
> Does anybody know if there is a way to authenticate users using this  
> password ?
> I tried using a clear-text password and that works but I cannot and  
> don't want to change userPassword encryption.

Windows XP can only do:

  EAP-TLS (using client and server X.509 certificates)
  EAP-PEAP/MS-CHAPv2 (using server certs, and client username/password)

To authenticate the MS-CHAP portion of the latter, FreeRadius must have 
either the plaintext password, the NT/LM hashes, or access to a domain 
controller via Samba and use of the ntlm_auth helper.

If you don't want to install any software and don't have plaintext/NT/LM 
passwords, you're stuck.

More information about the Freeradius-Users mailing list