(RADIATOR) EAP_LEAP_MSCHAP_Convert

António Fernandes afernandes at egp.up.pt
Wed Jan 18 12:01:49 CST 2006 

Can't you use NTLM crypted passwords with CHAP? I think you can... I'm using
it to authenticate Windows VPN clients against a MySQL database and it's
working fine. You just have to add "{nthash}" before the encrypted password
and match it...


Antonio Fernandes


-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Ingvar Berg (LI/EAB)
Sent: quarta-feira, 18 de Janeiro de 2006 15:39
To: radiator at open.com.au
Subject: RE: (RADIATOR) EAP_LEAP_MSCHAP_Convert

 

> -----Original Message-----
> From: owner-radiator at open.com.au 
> [mailto:owner-radiator at open.com.au] On Behalf Of Joe Honnold
> Sent: den 18 januari 2006 15:09
> To: radiator at open.com.au
> Subject: (RADIATOR) EAP_LEAP_MSCHAP_Convert
> 
> I read thru the release notes for 3.14 came across the 
> EAP_LEAP_MSCHAP_Convert section.
> 
> "Added new parameter EAP_LEAP_MSCHAP_Convert that converts 
> incoming LEAP requests to conventional Radius-MSCHAP requests 
> that can then be handled locally or proxied to a remote 
> Radius server that cannot handle LEAP, but which can handle 
> Radius-MSCHAP. Also added example config file 
> goodies/eap_leap_proxy.cfg. Requested by Michael Ting."
> 
> I am interested in this as I think it may solve an issue I 
> have with LEAP using LDAP authentication.
> When working on LEAP authentication I hit the limitation that 
> LDAP passwords need to be stored in clear text.
> Is it possible the EAP_LEAP_MSCHAP_Convert would solve this issue?
> 
> 1.  LEAP request is recieved.
> 2.  Radiator using EAP_LEAP_MSCHAP_Convert makes the request 
> a standard Radius-MSCHAPV2 request.
> 3.  The request is handled locally or passed to another 
> Radiator server that does Radius-MSCHAPV2 via LDAP.
> 
> What am I missing?

The problem is that MSCHAP, like any other CHAP, needs the pw in clear.
/Ingvar
> TIA
> 
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au To 
> unsubscribe, email 'majordomo at open.com.au' with 'unsubscribe 
> radiator' in the body of the message.
> 

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list