On 03/11/15 13:36, ozikat wrote: > Recently we would like to extend 389DS user into Radius for account > authorization and authentication (WiFi with WPA-Enterprise, Portal and etc) > > It seems like Freeradius only work with ClearText Password, i.e it > cannot read password attribute userPassword with SHA-HASHed. > > Anyone has workaround and idea on this? > > We have freeradius setup, and it seems it doesnt work with MSCHAPv2 ;(
In order to use MSCHAPv2 with any combination of RADIUS daemon and LDAP server you have to store plaintext passwords (or NT-Password Hashes) in your backend. This is not a limitation of freeradius or 389. It's by design. http://deployingradius.com/documents/protocols/compatibility.html J.
smime.p7s
Description: S/MIME Cryptographic Signature
-- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
