On 07/23/2010 09:18 AM, Lionne Stangier wrote:
You have edited the default configuration files and broken them.
You deleted "eap" from the "authorize" section, and then sent the
server and EAP request. Don't do that.
It was only a try ;)
Sadly, many people take a hatchet to the configs then seem surprised
when things don't work! Best to make small changes one at a time and
test them, and put your configs into version control so you can roll
them back.
And if the passwords are stored as MD5, go read:
http://deployingradius.com/documents/protocols/compatibility.html
I know this side because of that I tested pap.
Some EAP methods (e.g. PEAP) will *not* work with MD5 hashed
passwords. So don't even try.
I know that they don’t work. Clear Text passwords in the ldap are a no go.
Cant pap encrypt the passwords and than eap or peap will start?
"Won't work" really means it. PEAP/MS-CHAP requires access to the
plaintext password or NT/LM hashes, or access to a domain controller
with such via use of the "ntlm_auth" helper and Samba.
It is cryptographically impossible for it to be otherwise I'm afraid.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
