Joey McDonald <[EMAIL PROTECTED]> wrote: > Well, I'm not using windows systems at all - I've got OSX clients and a > linux-based PPTP server. The passwords are stored as SSHA in my LDAP > directory. That finally makes sense as to why radtest works, so thanks!
And it explains why MS-CHAP will never work. It's *impossible*. > My next question is, what Auth-Type should I be using for SSHA's > stored in an LDAP directory. Clearly LDAP isn't going to be it if it > doesn't support decrypting passwords and I don't wish to store > passwords in plain text in the directory. Then you can't do MS-CHAP. It's a s simple as that. If you're not willing to store clear-text passwords, you can store NT-Passwords in LDAP. But that's your ONLY other option to get MS-CHAP to work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
