Chris Akens <[EMAIL PROTECTED]> wrote: > Ok, so from all the info I have gathered it is not possible to decrypt the > MS-CHAP password into a clear text. Is there any method to authenticate > wireless EAP clients to a kerberos server?
Not right now. > As of right now, things are looking bleak, seeing how rlm_krb5 needs > the plain-text password and MS-CHAP doesnt give that. Has anyone > attempted authenticating wireless EAP (specifically LEAP and PEAP) > clients to a kerberos? LEAP is impossible. PEAP is likewise impossible, as it doesn't send clear-text passwords, either. TTLS may work, but the server doesn't support it yet. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html