free radius setup

Swenson, Chris cswenson at
Tue Sep 10 21:52:55 CEST 2013

-----Original Message-----
From: at [ at] On Behalf Of Arran Cudbard-Bell
Sent: Tuesday, September 10, 2013 3:07 PM
To: FreeRadius users mailing list
Subject: Re: free radius setup

On 10 Sep 2013, at 19:15, "Swenson, Chris" <cswenson at> wrote:

> I understand a bit more why people were bring up plain text passwords now.
> My radius server is being presented with peap ms-chapV2 credentials and I want it to receive authentication from my openldap server.

What happened to that web gateway?
>>> my vague understanding of what I was getting into led to a misstatement.

> It seems that the credentials in this format cannot be digested by openldap and acknowledged.
> The passwords in my openldap are encrypted as SHA
> Do I have this right?
> Is there an alternative.

* Use a different EAP method, OR
* Rehash all your credentials to NT-Password format, OR
* Harvest passwords and store them in Plaintext

> Maybe that FreeRadius 3.0.0 rc1 mentioned in one of the emails the other day?

No. It's good but it's not magic. You need the plaintext password for comparison, there's no way to transform the MSHCAPV2 responses in the cleartext password or to a SHA1 password.
>>> Back to the drawing board for me. I may be back with more questions. Thanks

Arran Cudbard-Bell <a.cudbardb at> FreeRADIUS Development Team

List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list