On Thu, Nov 8, 2012 at 2:43 PM, Erich Titl <[email protected]> wrote: > Hi Fajar > > on 08.11.2012 08:16, Fajar A. Nugraha wrote: > ... > >> >> IIRC only one of them will be used. I suggest you dop MD5 (since it's >> useless for your purpose) and Cleartext (you don't want that, right?) >> and verify you use the correct NT-Password (use "smbencrypt" if you >> haven't already done so) > > Yes, it appears that authentication using NT-Password hash works fine > for M$. What would be the least common setting in a multi vendor > environment. I guess, OSX, for example, is using a different protocol.
Most other supplicants can use EAP-MSCHAPv2 just fine, so you shouldn't have any problems with other OS. NT-Password should work with PAP as well, so PAP and TTLS-PAP should also work, if you need to choose that for some reason. Also note that storing NT-Passwords should be considered as insecure as storing cleartext password (since "cracking" MD4 hash is easy-enough), but at least you won't see the cleartext password in the database. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
