Freeradius server does not authenticate when the password is in MD5
Matthew Newton
mcn4 at leicester.ac.uk
Thu Jan 30 21:56:31 CET 2014
On Thu, Jan 30, 2014 at 05:48:49PM -0200, Cleiton Rodrigues de Souza wrote:
> So there is no way to authenticate Windows clients if the passwords are
> stored encrypted with MD5?
Why does everyone find this so hard to believe that they have to
ask the question again?
You have two options -
use Windows >= 8, where you can use EAP-TTLS/PAP
use a 3rd party supplicant that supports EAP-TTLS/PAP
> So how can we store the passwords in the database unless they are in
> plaintext??
NTLM hash.
> And through EAP/TTLS, no option to encrypt passwords??
Pretty much everyone uses PEAP/EAP-MSCHAPv2 for a reason:
Microsoft haven't really given any other option. For password
storage choices, see above.
Cheers,
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list