Due to the way PEAP works, your passwords have to be clear-text, or reversibly encrypted on the server.
The MSCHAP hash that is generated for the PEAP inner authentication uses some dynamic information that causes your hash to change with each authentication. For this reason, the server needs to have access to the clear-text in order to properly compute its MSCHAP hash as well.
Does that help?
We are using TTLS->PAP, which allows us to keep hashed passwords on the server, for this exact reason.
- Terry
On Thursday, October 23, 2003, at 07:46 AM, ZAGO, Mauro wrote:
Is there any way to authenticate a wireless user with the account informations stored in LDAP and with an encrypted password (SHA1)???
I've got results only with users with plain-text passwords.... (LEAP and PEAP)
Thanks! ______
Mauro ______ === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
