Attribute "User-Password" is required for authentication
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Tue Jun 19 10:43:20 CEST 2007
Phil Mayers wrote:
>>>
>> All the passwords stored in the ldap database are md5, is that going to work with peap?
>
> No. It's cryptographically impossible, sorry.
>
> Your only real option is TTLS+PAP, which will require installing supplicant software on windows machines e.g. SecureW2
>
What we did here was set up a transparent capture of passwords when users
logged into one of our popular services.
We then took the captured passwords and populated a second attribute in
the LDAP directory with them (ntPassword).
Now all operations involving a change of users' passwords write the SSHA
form of the password and the NT Hash form of the passwords, which is
nice because it means we can hang Samba off our OpenLDAP server too :)
--
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900