AW: (RADIATOR) PEAP, MS-CHAPv2 and LDAP
Hugh Irvine
hugh at open.com.au
Mon Dec 22 15:19:52 CST 2003
Hello Berndt -
You can use the supplied "rcrypt" command (in the "goodies" directory)
together with the RcryptKey parameter in your AuthBy clause.
See section 6.17.21 in the Radiator 3.7.1 reference manual
("doc/ref.html").
regards
Hugh
On 22/12/2003, at 10:50 PM, Sevcik Berndt wrote:
> MS-ChapV2 with PEAP is now working but I use a Plain Text password in
> my
> database which I do not like very much.
>
> Has someone an idea how I can save encrypted passwords in my openldap
> directory for using PEAP with MS-CHAPv2.
>
> Berndt
>
>
> -----Ursprüngliche Nachricht-----
> Von: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] Im
> Auftrag von Sevcik Berndt
> Gesendet: Montag, 22. Dezember 2003 11:24
> An: radiator at open.com.au
> Betreff: (RADIATOR) PEAP, MS-CHAPv2 and LDAP
>
> I found the following message in the archive:
>
> Tom Riziom's response to my PEAP problem indicates that PEAP may not
> work wirh LDAP as noted below:
>
> btw. PEAP-MSCHAPV2 is not supported by an LDAP encrypted database,
> will need to use clear-text (EAP-TTLS-PAP for example).
>
>
>
> My understanding that as long as I have an LDAP with MD5 passwords I
> should be ok.
>
> We're are currently testing OpenLDAP as it supports MD5 passwords so
> I'm assuming that should work.
>
> Any comments?
>
> Thanks in advance.
>
> John McFadden
>
> Is this right that I can use MS-CHAPv2 with OpenLDAP. Why can I put in
> an
> attribut an MD5 encrypted password to use with MS-CHAPv2?
>
> Maybe that the reason why I always get Access-Reject when I try to
> authenticate against an LDAP Server?
>
>
> Berndt
>
> --
> Diese Message wurde erstellt mit freundlicher Unterstuetzung
> eines freilaufenden Pinguins aus artgerechter Freilandhaltung.
> Sie ist garantiert frei von Microsoftschen Viren.
>
> -----------------------------------------
> TGM - Die Schule der Technik
> IT-Service
> A-1200 Wien, Wexstr. 19-23
> Tel. +43(1)33126/316 Fax: +43(1)33126/154
> E-Mail: berndt.sevcik at tgm.ac.at
> -----------------------------------------
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list