EAP-PEAP/MS-ChapV2 password storing options

Matt Ashfield mda at unb.ca
Tue Feb 13 14:26:17 CET 2007

Thanks for the link!

BTW, I have nothing against SecureW2, but if we don't have to install an
extra piece of software on 10,000 computers on campus, I'd like to avoid it!

-----Original Message-----
From: Alan DeKok [mailto:aland at deployingradius.com] 
Sent: February 13, 2007 2:57 AM
To: mda at unb.ca; FreeRadius users mailing list
Subject: Re: EAP-PEAP/MS-ChapV2 password storing options

Matt Ashfield wrote:
> We're trying to implement username/password authentication and so far are
> using EAP-PAP (with secureW2 client) because our passwords are stored in
> LDAP in a 1-way encrypted hash. 

  What's EAP-PAP?

> We're hoping to get away from this secureW2 implementation and would like
> use Windows built-in authentication, which seems to be EAP-PEAP with
> MS-ChapV2 authentication. 

  What's wrong with SecureW2?

> In order to get EAP-PEAP/MS-ChapV2 to work with FreeRadius, what are my
> options for storing the password in LDAP? Does it have to be clear-text?


  Alan DeKok.
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog

More information about the Freeradius-Users mailing list