FR and PEAP question
Nicolas Goutte
nicolas.goutte at extragroup.de
Mon May 26 16:00:51 CEST 2008
Am 26.05.2008 um 15:41 schrieb Matt Ashfield:
> Hi,
>
>
>
> We’re looking into using PEAP with MSChapV2, instead of PAP (don’t
> want to use the SecureW2 client anymore) so are investigating ways
> to store the password in LDAP.
>
>
>
> According to http://deployingradius.com/documents/protocols/
> compatibility.html ,the options are storing the password in Clear-
> Text or in an NT Hash (ntlm_auth).
>
>
>
> In talking with our LDAP people, I was told the following:
>
> SunOne does not support nt-hash passwords. Supported formats are
> CLEAR, CRYPT, DES, NS-MTA-MD5 (Netscape MD5), SHA, and SSHA.
>
> Fedora Directory Server 1.1.0 supports CLEAR, CRYPT, DES, MD5, NS-
> MTA-MD5, SHA, SHA256, SHA384, SHA512, SSHA, SSHA256, SSHA384, and
> SSHA512.
>
>
>
>
>
> It sounds to me like if we want to do PEAP/MSChapV2 we’d have to
> store the password in cleartext? I would just like to verify this
> via this list.
>
Yes, not any of the formats is NT Hash.
(NT Hash is the MD4 hash of the UTF-16LE encoding of the password.)
>
>
> Any advice is appreciated.
>
>
>
> Thanks
>
Have a nice day!
>
>
> Matt
>
> mda at unb.ca
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/
> users.html
Nicolas Goutte
extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany
Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
Registergericht: Amtsgericht Münster / HRB: 5624
Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080526/7c150eea/attachment.html>
More information about the Freeradius-Users
mailing list