Alan DeKok wrote:
After that, configure a plain-text password. EAP-TTLS with tunneledBut shouldn't FreeRADIUS be able to extract username and password from PAP packet and check those credentials by binding to LDAP ?
PAP, CHAP, MS-CHAP, EAP-MSCHAPv2, and EAP-GTC will work.
<sigh> Yes.
Great. So how do I configure it :-) to use LDAP CRYPT or MD5 hashes.
I would like to avoid having to store plain text passwords in the
LDAP database.
That's a false sense of security. See the FAQ.
It may be however that is how most password databases out there are set up. Point is that I already have hashed passwords and would like to use them. Having hundreds of users (re)set their passwords so they get plain text passwords doesn't seem like a good option since more than half of them will not do it and will seek tech support when things don't work :-(.
Vladimir
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
