FreeRadius + OpenLDAP (SMD5) + Windows XP

Mercier Romain romain.mercier at univ-angers.fr
Fri Feb 9 13:04:00 CET 2007


I read that future version 2.0 will support SMD5 with pap module.
Could it solve my problem ? When will it be released ?

Quoting Phil Mayers <p.mayers at imperial.ac.uk>:

> Mercier Romain wrote:
>> Hi,
>>
>> I got a simple question but I don?t find anything to answer it.
>> Situation:
>> I got a database OpenLDAP which contains users info, mainly ?uid? and
>> ?userPassword? crypt with SMD5 and I can?t modify this encryption
>> type. I want Wireless users to have to authenticate to access the WLAN
>> without installing anything on users' PC (mainly Windows XP PCs).
>
> That's impossible I'm afraid.
>
>> Question:
>> Does anybody know if there is a way to authenticate users using this
>> password ?
>>
>> I tried using a clear-text password and that works but I cannot and
>> don't want to change userPassword encryption.
>
> Windows XP can only do:
>
>   EAP-TLS (using client and server X.509 certificates)
>   EAP-PEAP/MS-CHAPv2 (using server certs, and client username/password)
>
> To authenticate the MS-CHAP portion of the latter, FreeRadius must have
> either the plaintext password, the NT/LM hashes, or access to a domain
> controller via Samba and use of the ntlm_auth helper.
>
> If you don't want to install any software and don't have plaintext/NT/LM
> passwords, you're stuck.
> -
> List info/subscribe/unsubscribe? See   
> http://www.freeradius.org/list/users.html
>







More information about the Freeradius-Users mailing list