(RADIATOR) Authenticating PPTP against LDAP crypt passwords?
Hugh Irvine
hugh at open.com.au
Mon Feb 24 15:28:05 CST 2003
Hello John -
The problem you have is that both MS-CHAP and UNIX crypt use one-way
encryption, so what you are asking is not possible. The Radiator
{rcrypt} si reversible encryption, similar to PAP.
regards
Hugh
On Tuesday, Feb 25, 2003, at 06:18 Australia/Melbourne, John McFadden
wrote:
> We are testing Radiator and are hoping to get
> around a PPTP/LDAP issue. I'm hoping someone can
> give us a little help.
>
> Our LDAP server users crypt passwords. The unix gurus don't want to
> support alternate passwords.
>
> I realize PPTP uses MS-CHAP which fail if directly used against crypt
> passwords.
>
> I was hoping Radiator was smart enought to detect and handle the
> password hash differences and handle but
> I assume that's a stretch.
>
> Has anyone used some kind of preauthenticate handler to support this
> requirement using
> the Radius::Rcrypt::decrypt() function as mentioned in the manual.
>
> Any comments or suggestions?
>
> Thanks in advance
> John McFadden
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list