ldap auto header MS-CHAPv2

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Mon Mar 15 14:42:11 CET 2010


Hi,

> No, I don't have AD.
> 
> In other words, I cannot use the Windows XP supplicant's EAP-MSCHAPv2 as the authentication protocol to authenticate users in an OpenLDAP database using SSHA1 passwords, is that right?


Correct: http://deployingradius.com/documents/protocols/oracles.html


PEAPv0/MS-CHAPv2 requires MSCHAPv2 - that's challenge response.


The client never supplies the real password - therefore you cannot compare
to a password stored in LDAP.
 

What you need to use is an EAP method that uses PAP, e.g. EAP-TTLSv0/PAP.

Try using a supplicant on the Windows machine that gives you this, e.g.

http://open1x.sourceforge.net/

http://www.securew2.com/

...or grab a Mac OSX machine to do further testing - they have TTLS/PAP
support natively.


alan



More information about the Freeradius-Users mailing list