Hello John,
if your phone does eap-md5 with the username and the password equal to
the mac address then it will work as is in PacketFence.
Also to use AD you need to be able to fetch the clear text password
which is not possible with LDAP.
To be able to make it work then you will need to proxy the request to
the NPS since it is to fetch the cleat text password.
It will require a little bit of unlang and realm configuration.
If you are interested to do that i will be able to explain you how to
configure it.
Regards
Fabrice
Le 19-07-22 à 08 h 01, John Sayce via PacketFence-users a écrit :
I've tried changing that setting (and restarting) but it doesn't seem to have
any effect. I assume that's because it controls how packetfence stores user
passwords in its local database rather than in active directory.
I appreciate that the password needs to be plain text, however I'm not sure how
that works with active directory from freeradius. I've configured active
directory to store the password with reversible encryption so it can be
decrypted to plain text. This in turn mean EAP-MD5 works when I use NPS (which
has the same requirements) but maybe that doesn't work with freeradius because
the mechanism to connect to the database doesn't support the way windows is
dealing with the password?
The log tends to suggest to me that's it's not even trying actice directory with EAP-MD5
despite there being no other authentication sources configured "Info: rlm_sql
(sql)"
I can't seem to find any documentation about this.
-----Original Message-----
From: Nicolas Quiniou-Briand via PacketFence-users
[mailto:packetfence-users@lists.sourceforge.net]
Sent: 22 July 2019 12:30
To: packetfence-users@lists.sourceforge.net
Cc: Nicolas Quiniou-Briand <n...@inverse.ca>
Subject: Re: [PacketFence-users] EAP-MD5 & Active Directory?
Hello John
On 2019-07-22 11:34 a.m., John Sayce via PacketFence-users wrote:
Mon Jul 22 10:13:31 2019 : Auth: (13018) Login incorrect (eap_md5:
Cleartext-Password is required for EAP-MD5 authentication):
[asd\switch1] (from client 10.8.4.2 port 31 cli 54:80:28:9c:50:50)
Try to change "Database passwords hashing method" setting to "plain" in Configuration
-> System configuration -> Main configuration -> Advanced.
As mentioned here [0], EAP-MD5 is only compatible with clear text passwords.
[0] http://deployingradius.com/documents/protocols/compatibility.html
--
Nicolas Quiniou-Briand
n...@inverse.ca :: +1.514.447.4918 *140 :: https://inverse.ca Inverse inc.
:: Leaders behind SOGo (https://sogo.nu), PacketFence
(https://packetfence.org) and Fingerbank (http://fingerbank.org)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Fabrice Durand
fdur...@inverse.ca :: +1.514.447.4918 (x135) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence
(http://packetfence.org)
_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users
