Freeradius with EAP and LDAP
Sven Hartge
sven at svenhartge.de
Thu Dec 19 20:59:01 CET 2019
On 19.12.19 18:09, Juntunen, Jarkko wrote:
> Thanks for your advice. We have run Freeradius in debug mode for a couple
> of hours and the problem seems to be (at least in my opinion) a missing
> password in the case of EAP authentication. And the problem is that I have
> no clue how to get Cleartext-password out of EAP-MSCHAP auth.
You don't get a cleartext password like with PAP from the NAS with *any*
CHAP authentication method.
That is the whole point of a Challenge Handshake Authentication Protocol.
If you want to use MSCHAP, you *have* to have the password of the user
in the clear or as NT-Hash in your database.
There is no way around it. Please don't ask, how to make this use with
SHA passwords from LDAP.
It cannot be done.
Regards,
Sven.
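
Added example, not part of the original post and not FreeRADIUS code: it shows why a salted SHA value from LDAP can verify a PAP login but cannot stand in for the NT-Hash that MSCHAP needs, and how both forms can be derived at the one moment the cleartext exists. The function names, the 8-byte salt and the use of `userPassword` and `sambaNTPassword` as the directory attributes are assumptions.

```python
import base64, hashlib, hmac, os, struct

R3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)  # round-3 word order

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib's md4 is often unavailable with OpenSSL 3."""
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    rol = lambda v, s: ((v << s) | (v >> (32 - s))) & 0xFFFFFFFF
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(48):
            if i < 16:
                f, k, s, add = (b & c) | (~b & d), i, (3, 7, 11, 19)[i % 4], 0
            elif i < 32:
                f, k = (b & c) | (b & d) | (c & d), (i % 4) * 4 + (i - 16) // 4
                s, add = (3, 5, 9, 13)[i % 4], 0x5A827999
            else:
                f, k, s, add = b ^ c ^ d, R3[i - 32], (3, 9, 11, 15)[i % 4], 0x6ED9EBA1
            a, b, c, d = d, rol((a + f + x[k] + add) & 0xFFFFFFFF, s), b, c
        h = [(v + w) & 0xFFFFFFFF for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> str:
    """NT-Hash: MD4 over the UTF-16LE password, unsalted."""
    return md4(password.encode("utf-16-le")).hex().upper()

def ssha(password: str, salt: bytes) -> str:
    """LDAP {SSHA}: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def pap_check(cleartext: str, stored: str) -> bool:
    """PAP: the NAS delivers the cleartext, so the server re-hashes it with the stored salt."""
    salt = base64.b64decode(stored[len("{SSHA}"):])[20:]
    return hmac.compare_digest(ssha(cleartext, salt), stored)

def provision(password: str) -> dict:
    """At password-set time, the only moment the cleartext exists, store both forms."""
    # Attribute names are assumptions about the directory schema.
    return {"userPassword": ssha(password, os.urandom(8)),
            "sambaNTPassword": nt_hash(password)}
```

The `{SSHA}` value changes with every salt while the NT-Hash depends only on the password, and neither can be computed from the other. The NT-Hash is unsalted and sufficient on its own to answer an MSCHAP challenge, so read access to that attribute should be limited to the RADIUS service account.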