(RADIATOR) EAP_LEAP_MSCHAP_Convert
António Fernandes
afernandes at egp.up.pt
Wed Jan 18 12:01:49 CST 2006
Can't you use NTLM crypted passwords with CHAP? I think you can... I'm using
it to authenticate Windows VPN clients against a MySQL database and it's
working fine. You just have to add "{nthash}" before the encrypted password
and match it...
Antonio Fernandes
-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Ingvar Berg (LI/EAB)
Sent: quarta-feira, 18 de Janeiro de 2006 15:39
To: radiator at open.com.au
Subject: RE: (RADIATOR) EAP_LEAP_MSCHAP_Convert
> -----Original Message-----
> From: owner-radiator at open.com.au
> [mailto:owner-radiator at open.com.au] On Behalf Of Joe Honnold
> Sent: den 18 januari 2006 15:09
> To: radiator at open.com.au
> Subject: (RADIATOR) EAP_LEAP_MSCHAP_Convert
>
> I read thru the release notes for 3.14 came across the
> EAP_LEAP_MSCHAP_Convert section.
>
> "Added new parameter EAP_LEAP_MSCHAP_Convert that converts
> incoming LEAP requests to conventional Radius-MSCHAP requests
> that can then be handled locally or proxied to a remote
> Radius server that cannot handle LEAP, but which can handle
> Radius-MSCHAP. Also added example config file
> goodies/eap_leap_proxy.cfg. Requested by Michael Ting."
>
> I am interested in this as I think it may solve an issue I
> have with LEAP using LDAP authentication.
> When working on LEAP authentication I hit the limitation that
> LDAP passwords need to be stored in clear text.
> Is it possible the EAP_LEAP_MSCHAP_Convert would solve this issue?
>
> 1. LEAP request is recieved.
> 2. Radiator using EAP_LEAP_MSCHAP_Convert makes the request
> a standard Radius-MSCHAPV2 request.
> 3. The request is handled locally or passed to another
> Radiator server that does Radius-MSCHAPV2 via LDAP.
>
> What am I missing?
The problem is that MSCHAP, like any other CHAP, needs the pw in clear.
/Ingvar
> TIA
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au To
> unsubscribe, email 'majordomo at open.com.au' with 'unsubscribe
> radiator' in the body of the message.
>
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list