=> use EAP-TTLS/PAP and you can use crypted passwords locally.
CHAP *is* already a hash. it thus needs the original clear-text password for verification.
ciao artur
Christophe Saillard wrote:
Hi,
Here's what I want to do :
- EAP-TTLS or PEAP authentication with login/password in the second phase (no EAP-TLS)
- Users are stored in the local Freeradius Database with Crypt-password attributes (MD5 hashed, because logins and passwords come from a Unix User Database)
- Authentication leads to assign users in a correct VLAN (Tunnel-Type ... attributes)
I've succeed with PEAP/MSCHAPv2 authentication but my password was in clear-text (with Meetinghouse Aegis Client)...
If you have any clue (configuration examples ...) I'll be very happy !!
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
