Re: 802.1x with mschap-radius-ldap with ssha-1 passwords

2006-07-18 Thread Alan DeKok
"Matt Ashfield" <[EMAIL PROTECTED]> wrote:
> I guess the obvious question is why can't the Radius server simply perform a bind attempt to the LDAP server during authentication, as opposed to trying to compare the password received by the authenticator to the ssha-1 password stored in ldap?

RE : 802.1x with mschap-radius-ldap with ssha-1 passwords

2006-07-18 Thread Thibault Le Meur
> I guess the obvious question is why can't the Radius server simply perform a bind attempt to the LDAP server during authentication, as opposed to trying to compare the password received by the authenticator to the ssha-1 password stored in ldap?

Because, in PEAP, the client doesn't sen

Re: 802.1x with mschap-radius-ldap with ssha-1 passwords

2006-07-18 Thread Stefan Winter
Hi,

> I guess the obvious question is why can't the Radius server simply perform a bind attempt to the LDAP server during authentication, as opposed to trying to compare the password received by the authenticator to the ssha-1 password stored in ldap?

I guess the obvious answer is that it c

RE: 802.1x with mschap-radius-ldap with ssha-1 passwords

2006-07-18 Thread Matt Ashfield
uly 17, 2006 7:51 PM
To: [EMAIL PROTECTED]; FreeRadius users mailing list
Subject: Re: 802.1x with mschap-radius-ldap with ssha-1 passwords

"Matt Ashfield" <[EMAIL PROTECTED]> wrote:
> I was afraid you'd say that. What would you suggest as a workaround for this problem? Cou

Re: 802.1x with mschap-radius-ldap with ssha-1 passwords

2006-07-17 Thread Alan DeKok
"Matt Ashfield" <[EMAIL PROTECTED]> wrote:
> I was afraid you'd say that. What would you suggest as a workaround for this problem? Could I do EAP-TTLS using the securew2 client instead?

Yes.

> Or am I better off creating a 2nd password attribute on the LDAP directory that is maybe encoded

RE: 802.1x with mschap-radius-ldap with ssha-1 passwords

2006-07-17 Thread Thibault Le Meur
> Could I do EAP-TTLS using the securew2 client instead?

Yes, that's an option. And since EAP-TTLS is a standard you'll be able to have it work on a variety of clients (MAC OS, Pocket PC + SecureW2, Palm-OS, linux).

> Or am I better off creating a 2nd password attribute on the LDAP directory th

RE: 802.1x with mschap-radius-ldap with ssha-1 passwords

2006-07-17 Thread Matt Ashfield
t: Re: 802.1x with mschap-radius-ldap with ssha-1 passwords

"Matt Ashfield" <[EMAIL PROTECTED]> wrote:
> I'm trying to do 802.1x authentication using freeradius against an LDAP directory which stores the userPassword in an ssha-1 hash. My question is, is this possibl

Re: 802.1x with mschap-radius-ldap with ssha-1 passwords

2006-07-17 Thread Alan DeKok
"Matt Ashfield" <[EMAIL PROTECTED]> wrote:
> I'm trying to do 802.1x authentication using freeradius against an LDAP directory which stores the userPassword in an ssha-1 hash. My question is, is this possible? If so, how do I configure mschap for ssha-1 passwords?

You don't. It's impossible