Using encrypted passwords from LDAP
Steffen Langhammer
langhammer at gmail.com
Fri Aug 7 11:35:55 CEST 2009
Hi Alan,
it's also possible to use PEAP-GTC (preferred).
If I see this table it should be possible to use also encrypted passwords
with EAP-GTC.
But in this case I never get a working configuration.
2009/8/7 Alan DeKok <aland at deployingradius.com>
> Steffen Langhammer wrote:
> > The LDAP-Server doesn't contain a clear-text password. They are
> > encrypted and this isn't allowed to change.
>
> http://deployingradius.com/documents/protocols/compatibility.html
>
> > The password field is "userPassword".
> >
> > I was testing my LDAP-Configuration in Freeradius with NTRadPing.
> > If I make an authentication Request I get a response: Access_accept.
> > I am happy that freeradius can speak to LDAP :-))
> >
> > Now my problem is:
> > The wireless client is configured to LEAP, I enter the same user and
> > password as in NTRadPing Utility. But I don't get access.
>
> Your requirements are impossible to satisfy.
>
> > I don't understand what I have done wrong.
> > Maybe the eap-module is not able to forward the bind to the LDAP-Server
> ?
>
> No. Read the page given by the URL above. What you want to do is
> impossible.
>
> > If I use LEAP and set the password_attribute to a cleartext field in
> > ldap it works.
>
> Exactly.
>
> > I was setting as password_attribute the field to givenname and enter as
> > password the givenname of user.
> >
> > If I use the LEAP mode on the client the login to WLAN works fine (by
> > using cleartext)
> > But I have to use the encrypted password in LDAP because of security
> > reasons.
> >
> > What can I do ?
>
> Read the last section of that web page.
>
> Trying to do the impossible is an effort in futility. Change your
> requirements to something that is possible to do.
>
> My suggestion: don't do LEAP. It's insecure. Use another EAP method
> such as TTLS.
>
> Alan DeKok.
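The compatibility problem discussed in this thread, as an added example that is not part of the original messages: a one-way hashed userPassword can be checked when the password itself reaches the server (PAP, or PAP/GTC inside a TLS tunnel), but not when the client only sends a challenge response. The {SSHA} scheme is an assumption (the thread only says "encrypted"), and RFC 1994 CHAP stands in for LEAP's MS-CHAP-style exchange; all sample values are constructed.

```python
import base64
import hashlib
import hmac

def make_ssha(password: str, salt: bytes) -> str:
    """Build an OpenLDAP-style {SSHA} value: base64(SHA1(password+salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_presented_password(stored: str, presented: str) -> bool:
    """PAP / TTLS-PAP / EAP-GTC case: the server receives the password itself
    (inside the tunnel), so it can re-hash it with the stored salt and compare."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(presented.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def check_chap(server_secret: bytes, ident: int, challenge: bytes, response: bytes) -> bool:
    """Challenge-response case: the server never sees the password, so it must
    recompute the response from the same secret the client used."""
    return hmac.compare_digest(chap_response(ident, server_secret, challenge), response)

# Constructed sample data (not from the thread).
PASSWORD = "correct horse"
STORED = make_ssha(PASSWORD, salt=b"\x01\x02\x03\x04")
IDENT, CHALLENGE = 7, bytes(range(16))
CLIENT_RESPONSE = chap_response(IDENT, PASSWORD.encode(), CHALLENGE)

def demo() -> dict:
    return {
        "password_sent_to_server": check_presented_password(STORED, PASSWORD),
        "wrong_password_sent": check_presented_password(STORED, "guess"),
        "chap_with_cleartext": check_chap(PASSWORD.encode(), IDENT, CHALLENGE, CLIENT_RESPONSE),
        "chap_with_stored_hash": check_chap(STORED.encode(), IDENT, CHALLENGE, CLIENT_RESPONSE),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:26} {ok}")
```

Only the last case fails: the server holding just the salted hash has nothing it can feed into the response calculation, which is why the hashed attribute works for the plain request but not for the challenge-response method.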