On Thu, Oct 6, 2011 at 8:06 PM, Alex rsm <[email protected]> wrote: > Hi, > > I was told there is a plugin for FreeRadius that can be used to retrieve the > username/password of the EAP request. Is this true?
There are two EAP mechanism that sends user password in clear-text: EAP-GTC and EAP-TTLS + PAP. Both of which is not supported by Windows client. If you use one of those two mechanism then you can easily get user's cleartext password. If you use EAP-MSCHAPv2 (the most widely used) then no plugin or software can retrieve the plaintext password from the access-request packet. It's simply not possible. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
