Eduardo Lima wrote: > Alan, I didn't find any option for the mschapv2 problem in your web page.
I have no idea what you mean by that. The compatibility page you were pointed to is all that matters here: http://deployingradius.com/documents/protocols/compatibility.html > Unencrypt ldap passwords is not a smart solution. You are being naive and unrealistic. Your choices for what is stored in LDAP are given in the table. Look up the authentication protocol you want to use, and find out which password storage methods are compatible. Pick one. > It seems that windos xp client only accept mschapv2 or TLS to > authenticate, if a use TLS, I cannot use ldap because only the client > certificate is used to authenticate. Which is spelled out in the table on the web page... which I wrote. Which I'm very familiar with. > In my network, I need to authenticate with the mail passwords stored in > ldap. In .... what format? > Protocols: PEAP + MSCHAPv2 + LDAP PEAP is an authentication protocol. LDAP is a database. Go read the web page. It appears you either haven't read it, or you haven't understood it. > I don't use TLS because it only uses certificates to authenticate. > > Do you have any suggestion??? Choose one of the password storage methods given on the web page for PEAP. If you don't like those methods, then stop posting messages on this list. What you want is impossible, and you're unprepared to accept that it's impossible. It can't be done, and you're wasting your time trying to come up with a solution that doesn't exist. This is not something I control. This is the way things are. Deal with it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html