NTLM hashed passwords.

Alan DeKok aland at deployingradius.com
Fri Jul 15 17:40:41 CEST 2016


On Jul 15, 2016, at 11:34 AM, Dom Latter <freeradius-users at latter.org> wrote:
> for a couple of years now we have been using freeradius to support
> a Wifi network.  We are using WPA2-Enterprise.  We need to support
> clients running any and every operating system.
> 
> Currently we store passwords as plain text in a "radcheck" table
> in the database.
> 
> I am experimenting with replacing "User-Password" (yes, I know it
> should be "Cleartext-Password") with an "NT-Password" generated by
> smbencrypt.
> 
> So far it seems mostly okay with Windows, Android, iOS and MacOS.
> And Linux.

  That's not the real criteria.

> Are there any pitfalls or gotchas to watch out for?  Any
> systems that only do MSCHAPv1 (which I believe requires
> the plain text password).

  The definitive answer is here:

http://deployingradius.com/documents/protocols/compatibility.html

  Note there is no mention of OS.  Just authentication protocol.  See your OS documentation for what authentication protocols it supports, and then look up the protocol in the table.

  Alan DeKok.




More information about the Freeradius-Users mailing list