Mysql, Accounting and DialupAdmin
Fajar A. Nugraha
list at fajar.net
Thu Nov 8 08:57:59 CET 2012
On Thu, Nov 8, 2012 at 2:43 PM, Erich Titl <erich.titl at think.ch> wrote:
> Hi Fajar
>
> on 08.11.2012 08:16, Fajar A. Nugraha wrote:
> ...
>
>>
>> IIRC only one of them will be used. I suggest you dop MD5 (since it's
>> useless for your purpose) and Cleartext (you don't want that, right?)
>> and verify you use the correct NT-Password (use "smbencrypt" if you
>> haven't already done so)
>
> Yes, it appears that authentication using NT-Password hash works fine
> for M$. What would be the least common setting in a multi vendor
> environment. I guess, OSX, for example, is using a different protocol.
Most other supplicants can use EAP-MSCHAPv2 just fine, so you
shouldn't have any problems with other OS.
NT-Password should work with PAP as well, so PAP and TTLS-PAP should
also work, if you need to choose that for some reason.
Also note that storing NT-Passwords should be considered as insecure
as storing cleartext password (since "cracking" MD4 hash is
easy-enough), but at least you won't see the cleartext password in the
database.
--
Fajar
More information about the Freeradius-Users
mailing list