free radius setup

Swenson, Chris cswenson at
Wed Sep 11 00:35:41 CEST 2013

Yes, I already saw that and this is why I am stuck.
I am using Aruba 3000 Wireless controllers running the 6.2.X.X code.
As I understand it when the laptop user selects the secure SSID they should be prompted for a username and password.
This username and password will be presented to radius as peap MS-CHAPV2.
Radius then needs to authenticate this against my Openldap where the passwords are encrypted as SHA,  thus bad end.
I could not find an encryption type in open ldap that would satisfy the chart.  

If it did work then I could take the info from radius accounting and pass it to our NAC control (Impulse Safe Connect) which will let 
the students onto the network after they pass some computer hygiene checks.

I have a population of 2000 college students who have little idea of what security really is.
And of course I am trying to do this on the typical budget provided by a non-profit such as my college is.

Chris S.

-----Original Message-----
From: John Dennis [mailto:jdennis at] 
Sent: Tuesday, September 10, 2013 6:09 PM
To: FreeRadius users mailing list
Cc: Swenson, Chris
Subject: Re: free radius setup

On 09/10/2013 02:15 PM, Swenson, Chris wrote:
> I understand a bit more why people were bring up plain text passwords now.
> My radius server is being presented with peap ms-chapV2 credentials 
> and I want it to receive authentication from my openldap server.
> It seems that the credentials in this format cannot be digested by 
> openldap and acknowledged.
> The passwords in my openldap are encrypted as SHA
> Do I have this right?
> Is there an alternative.
> Maybe that FreeRadius 3.0.0 rc1 mentioned in one of the emails the 
> other day?

Before you go any further you need to read and understand the material on this page:


More information about the Freeradius-Users mailing list