LDAP/MSCHAP

Sven Hartge sven at svenhartge.de
Sat Nov 12 22:52:55 CET 2011


Andreas Rudat <rudat at endstelle.de> wrote:
> Am 11.11.2011 03:56, schrieb Fajar A. Nugraha:
>> On Fri, Nov 11, 2011 at 8:29 AM, Gary Gatten <Ggatten at waddell.com> wrote:

>>> I agree with Jake, in that I *think* it would be possible to have a
>>> plugin or whatever interface with LDAP/AD in the same manner
>>> ntlm_auth does.  I don't think one *needs* a cleartext password, but
>>> does need some way to compare apples-to-apples.
>> That's exactly what Alan is saying: " store your passwords in the
>> LDAP as NT-Password or LM-Password "

> But if that works, why then all are saying that you can just work with
> plaintext? Its realy confusing.

NT/LM-Password is "special". This is why it works with MSCHAPv2, both
being a MicroSoft "invention".

S°

-- 
Sigmentation fault. Core dumped.




More information about the Freeradius-Users mailing list