(RADIATOR) PEAP, MS-CHAPv2 and LDAP
Jonn Martell
jonn.martell at ubc.ca
Mon Dec 22 15:36:34 CST 2003
We store the MSCHAPv2 hashes and compare against these. You do not need
to store passwords in clear text.
Our system has an LDAP/Oracle backend (non-Microsoft).
We're more than happy to provide any custom code back to open.com.au for
integration in the main code.
MSCHAPv2 support is essential in supporting PPTP and PEAP for a wireless
LAN service.
... Jonn Martell, Manager, UBC Wireless
Ingvar Berg (LI/EAB) wrote:
> CHAP requires the radius server to have access to the password in plain text, so MD5 or any other hash is ruled out.
> The simple solution is to store the password in plaintext, the more complicated is to store it 2way-encrypted and patch Radiator to decrypt the retrieved password before using it. But you'll have to solve the problem of changing the encryption key.
>
> /Ingvar
>
>
>>-----Original Message-----
>>From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
>>Behalf Of Sevcik Berndt
>>Sent: den 22 december 2003 11:24
>>To: radiator at open.com.au
>>Subject: (RADIATOR) PEAP, MS-CHAPv2 and LDAP
>>
>>
>>I found the following message in the archive:
>>
>>Tom Riziom's response to my PEAP problem indicates that PEAP may not
>>work with LDAP as noted below:
>>
>>btw. PEAP-MSCHAPV2 is not supported by an LDAP encrypted database,
>>will need to use clear-text (EAP-TTLS-PAP for example).
>>
>>
>>
>>My understanding is that as long as I have an LDAP with MD5 passwords I
>>should be ok.
>>
>>We are currently testing OpenLDAP as it supports MD5 passwords so
>>I'm assuming that should work.
>>
>>Any comments?
>>
>>Thanks in advance.
>>
>>John McFadden
>>
>>Is this right that I can use MS-CHAPv2 with OpenLDAP? Why can
>>I put in an attribute an MD5 encrypted password to use with MS-CHAPv2?
>>
>>Maybe that is the reason why I always get Access-Reject when I
>>try to authenticate against an LDAP Server?
>>
>>
>>Berndt
>>
>>--
>>This message was created with the friendly support
>>of a free-range penguin from species-appropriate free-range husbandry.
>>It is guaranteed free of Microsoft viruses.
>>
>>-----------------------------------------
>>TGM - Die Schule der Technik
>>IT-Service
>>A-1200 Wien, Wexstr. 19-23
>>Tel. +43(1)33126/316 Fax: +43(1)33126/154
>>E-Mail: berndt.sevcik at tgm.ac.at
>>-----------------------------------------
>>
>>
>>===
>>Archive at http://www.open.com.au/archives/radiator/
>>Announcements on radiator-announce at open.com.au
>>To unsubscribe, email 'majordomo at open.com.au' with
>>'unsubscribe radiator' in the body of the message.
>>