using userPassword instead sambaNTPassword
Sven Hartge
sven at svenhartge.de
Sun Sep 21 02:33:01 CEST 2014
On 19.09.2014 20:26, Nicolás Guerra wrote:
> please forgive my ignorance, I'm new in freeRADIUS, I'm just trying to
> make it work as I'd been asked (users should authenticate with the
> userPassword attr).
You can't.
Unless the userPassword attributed stores the password in plain text, it
is mathematically impossible to get this to work with MS-CHAPv2. And by
saying "impossible" I mean "impossible". It will never work. It can
never work. Stop trying to get it to work.
You have some options:
a) Store the password also in a different attribute in plain text. Use
that instead of the userPassword attribute for MS-CHAPv2.
b) Store the password also in the sambaNTPassword attribute, hashed in
the format it needs to be.
c) Don't use MS-CHAPv2 but PAP. This will not work with any Windows
prior to Windows 8. If you need to support Windows XP/Vista/7 without
additional tools, this is no option for you.
Grüße,
Sven.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140921/1efa427f/attachment.pgp>
More information about the Freeradius-Users
mailing list