ldap auto header MS-CHAPv2
nf-vale
nf-vale at critical-links.com
Mon Mar 15 15:37:39 CET 2010
On Monday 15 March 2010 13:42:11 Alan Buxey wrote:
> Hi,
>
> > No, I don't have AD.
> >
> > In other words, I cannot use the Windows XP supplicant with EAP-MSCHAPv2 to make
> > the authentication protocol authenticate users in an OpenLDAP database
> > using SSHA1 passwords, is that right?
>
> correct: http://deployingradius.com/documents/protocols/oracles.html
>
>
> PEAPv0/MS-CHAPv2 requires MSCHAPv2 - that's challenge response.
>
>
> the client never supplies the real password - therefore you cannot compare
> to a password stored in LDAP.
>
>
> what you need to use is an EAP method that uses PAP... e.g. EAP-TTLSv0/PAP

You can use EAP-PEAP as long as you also store Samba NT/LM hashes in LDAP
(sambaLMPassword and sambaNTPassword). If you have these hashes you may use
the Windows XP built-in supplicant.

>
> try using a supplicant on the Windows machine that gives you this, e.g.
>
> http://open1x.sourceforge.net/
>
> http://www.securew2.com/
>
> ...or grab a Mac OSX machine to do further testing - they have TTLS/PAP
> support natively.
>
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
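
An added example (not part of the original thread, and not FreeRADIUS code): a small Python audit of an LDIF export that reports, per entry, whether the stored credentials can satisfy PEAP/MS-CHAPv2 or only EAP-TTLS/PAP, following the rule discussed above. The DNs, password and NT hash value are constructed, the helper names are hypothetical, and treating a `userPassword` without a `{SCHEME}` prefix as cleartext is an assumption.

```python
import base64, hashlib, re

def parse_ldif(text):
    """Return {dn: {attr: value}}; 'attr:: value' lines are base64-decoded."""
    entries, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z0-9;-]+)(::?)\s*(.*)$", line)
        if not m:
            continue  # blank separators; folded lines are not handled here
        name, sep, val = m.group(1).lower(), m.group(2), m.group(3)
        if sep == "::":
            val = base64.b64decode(val).decode("utf-8", "replace")
        if name == "dn":
            cur = entries.setdefault(val, {})
        elif cur is not None:
            cur[name] = val
    return entries

def usable_methods(attrs):
    """Methods the stored credentials can satisfy for one entry."""
    methods = set()
    pw = attrs.get("userpassword", "")
    hashed = re.match(r"^\{[A-Za-z0-9-]+\}", pw) is not None
    nt_ok = re.fullmatch(r"[0-9A-Fa-f]{32}", attrs.get("sambantpassword", ""))
    if pw or nt_ok:
        # PAP hands the server the cleartext, so it can re-hash and compare.
        methods.add("EAP-TTLS/PAP")
    if nt_ok or (pw and not hashed):
        # MS-CHAPv2 needs the NT hash or a cleartext; salted {SSHA} cannot supply it.
        methods.add("PEAP/MS-CHAPv2")
    return methods

def audit(ldif_text):
    return {dn: sorted(usable_methods(a)) for dn, a in parse_ldif(ldif_text).items()}

def _ssha(password, salt=b"salt"):
    # {SSHA} layout: base64(SHA1(password + salt) + salt)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

# Constructed sample data: DNs, password and NT hash value are made up.
_PW = "userPassword:: " + base64.b64encode(_ssha("secret").encode()).decode()
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=org", _PW, "",
    "dn: uid=bob,ou=people,dc=example,dc=org", _PW,
    "sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF",
])

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF))
```

Entries that report only EAP-TTLS/PAP are the ones that need a `sambaNTPassword` value added before the Windows XP built-in supplicant can be used.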