About EAP-TTLS + MS-CHAPv2 authentication

Yuya Yanagi peacefull64 at gmail.com
Tue Jul 30 17:15:32 CEST 2019


Alan

>
>   OK.
>
>   How are the passwords stored in LDAP?  Clear text?  crypt?  Some other
> method?

The content of the attribute that holds the LDAP password is encrypted.
Apart from that, there is also an attribute that has an unencrypted
password, but since it is dangerous if it is described in the log, etc.,
encryption is used instead.

It is unclear whether this encrypted password is an NT hashed
password, so I will check it.

2019-07-31 0:08 GMT+09:00, Alan DeKok <aland at deployingradius.com>:
> On Jul 30, 2019, at 11:06 AM, Yuya Yanagi <peacefull64 at gmail.com> wrote:
>>
>> Thank you for your reply.
>>
>> The LDAP server uses OpenLDAP.
>
>   Then the database needs to supply a Cleartext-Password to FreeRADIUS.
>
>> Authentication of Wifi_AP and wired LAN does not use AD.
>>
>> The attribute about the user is set to OpenLDAP.
>
>   OK.
>
>   How are the passwords stored in LDAP?  Clear text?  crypt?  Some other
> method?
>
>   Only Clear text passwords and NT hashed passwords are compatible with
> MS-CHAPv2.
>
>> The migration source passes authentication with MS-CHAPv2, but
>> Maybe you should choose MS-Chapv2?
>
>   They're the same thing.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
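
Added example (not part of the original thread, and not FreeRADIUS code): a small audit that sorts stored LDAP credential values into those MS-CHAPv2 can and cannot be checked against, following the rule quoted above that only clear text and NT hashes work. The attribute names `sambaNTPassword` (Samba schema) and `appSecret`, the DNs and every sample value are assumptions constructed for illustration.

```python
import re

# OpenLDAP userPassword scheme prefixes that denote one-way hashes.
# MS-CHAPv2 cannot be verified against any of them.
ONE_WAY_SCHEMES = {"SSHA", "SHA", "SMD5", "MD5", "CRYPT"}
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")
NT_HASH_RE = re.compile(r"^[0-9A-Fa-f]{32}$")  # an NT hash is 16 bytes, hex encoded


def classify(attribute, value):
    """Return (kind, usable); usable is True, False, or None (check by hand)."""
    attr = attribute.lower()
    m = SCHEME_RE.match(value)
    if m:
        scheme = m.group(1).upper()
        if scheme == "CLEARTEXT":
            return ("cleartext", True)
        if scheme in ONE_WAY_SCHEMES:
            return ("one-way hash " + scheme, False)
        return ("unrecognised scheme " + scheme, None)
    if NT_HASH_RE.match(value):
        if attr == "sambantpassword":
            return ("nt-hash", True)
        # 32 hex digits elsewhere could be an NT hash, an MD5 digest or text.
        return ("32 hex digits, possibly an NT hash", None)
    if attr == "userpassword":
        # OpenLDAP treats a userPassword value without a {scheme} as clear text.
        return ("cleartext", True)
    return ("opaque value", None)


def audit(entries):
    """List (dn, attribute, kind) for credentials MS-CHAPv2 cannot use as-is."""
    return [(dn, attr, classify(attr, val)[0])
            for dn, attr, val in entries
            if classify(attr, val)[1] is not True]


# Constructed sample directory entries (not taken from the thread).
SAMPLE = [
    ("uid=a,dc=example,dc=org", "userPassword", "{SSHA}constructedSampleDigest=="),
    ("uid=b,dc=example,dc=org", "sambaNTPassword", "0123456789ABCDEF0123456789ABCDEF"),
    ("uid=c,dc=example,dc=org", "userPassword", "{crypt}$6$salt$constructed"),
    ("uid=d,dc=example,dc=org", "appSecret", "b3BhcXVlLWNvbnN0cnVjdGVk"),
]

if __name__ == "__main__":
    for dn, attr, kind in audit(SAMPLE):
        print(f"{dn}: {attr} is {kind}; MS-CHAPv2 needs clear text or an NT hash")
```

Entries reported with a "possibly" or "opaque" kind need a manual check of how the application wrote the attribute, which is the situation described in the message above.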

