free radius setup

Arran Cudbard-Bell a.cudbardb at
Tue Sep 10 21:07:06 CEST 2013

On 10 Sep 2013, at 19:15, "Swenson, Chris" <cswenson at> wrote:

> I understand a bit more why people were bring up plain text passwords now.
> My radius server is being presented with peap ms-chapV2 credentials and I want it to receive authentication from my openldap server.

What happened to that web gateway?

> It seems that the credentials in this format cannot be digested by openldap and acknowledged.
> The passwords in my openldap are encrypted as SHA
> Do I have this right?
> Is there an alternative.

* Use a different EAP method, OR
* Rehash all your credentials to NT-Password format, OR
* Harvest passwords and store them in Plaintext

> Maybe that FreeRadius 3.0.0 rc1 mentioned in one of the emails the other day?

No. It's good but it's not magic. You need the plaintext password for comparison, there's no way to transform the MSHCAPV2 responses in the cleartext password or to a SHA1 password.

Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS Development Team

More information about the Freeradius-Users mailing list