i think you cannot use encrypted password we had the same problem and decide yo use ttls with pap we use secureW2 as client for xp and 2000 basile
Selon Martin Pauly <[EMAIL PROTECTED]>: > Hi everyone, > > We have shortly migrated our user database to OpenLDAP, keeping the > UNIX-crypted passwords. Now I would like to let wireless users authenticate > against this LDAP Server. Since we do not have a PKI in place, I have > set up an auth chain using PEAP/MSCHAPv2 (you might have guessed from my > previous posts). > For a first push, I split the chain and tested both LDAP and PEAP with > cleartext > passwords on the RADIUS side; they both work now. > > The big question is, of course, how to deal with the encrypted passwords. > Any Challenge-Response protocol such as MSCHAPv2 won't quite cut it, > unless you imagine fancy stuff like passing the seed for crypt to the > client first who can then in turn do the required hash ... > So what might be a feasible Option? TTLS has been a second option only > so far, since PEAP is already wired into Windows XP -- which is still > what most of our users will be running for some time :-| > On the other hand, I haven't seen anything like PEAP-PAP so far, but I > have seen there is TTLS-PAP and the like. > > Any suggestions? > Thanks, Martin > > -- > Dr. Martin Pauly Fax: 49-6421-28-26994 > HRZ Univ. Marburg Phone: 49-6421-28-23527 > Hans-Meerwein-Str. E-Mail: [EMAIL PROTECTED] > D-35032 Marburg > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > -------------------------------------------------------- Ce message a été envoyé par le Webmail Sorbonne via IMP. http://courrier.sorbonne.fr/ http://mail.sorbonne.fr/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html