Tom Rixom wrote:
Sorry about the previous email.... wasn't awake yet... here is a repost:
Hello,
If your LDAP back-end uses encrypted passwords certain authentication
methods cannot be used.
PEAP-EAP-MSCHAPV2 for example requires either clear-text passwords or Microsoft NT HASH passwords. I am not sure about LEAP.
Because SecureW2 v1 sends over the password in the clear it can be used on any kind of database encryption their is.
Are you using encryption in your LDAP database?
I'm using Active Directory which encrypt the password.
Tom Rixom Alfa & Ariss
Today, i succeeded a configuration with FreeRadius for EAP/TTLS (PAP) (SecureW2 client on Windows) which running with user/password check on Ldap back-end(AD).
But for EAP/PEAP and EAP/LEAP challenge use MS-CHAP or MS-CHAPV2 for hashing. So FreeRadius can't retreive clear-text password from packets and can't perform check on Ldap back-end.
Are you agree with this ?
I 'm searching a solution to authenticate LEAP client (Mac OSX) with FreeReadius and Ldap back-end.
Regards,
Jean-Paul.
smime.p7s
Description: S/MIME Cryptographic Signature
