I've tried changing that setting (and restarting) but it doesn't seem to have any effect. I assume that's because it controls how packetfence stores user passwords in its local database rather than in active directory.
I appreciate that the password needs to be plain text, however I'm not sure how that works with active directory from freeradius. I've configured active directory to store the password with reversible encryption so it can be decrypted to plain text. This in turn mean EAP-MD5 works when I use NPS (which has the same requirements) but maybe that doesn't work with freeradius because the mechanism to connect to the database doesn't support the way windows is dealing with the password? The log tends to suggest to me that's it's not even trying actice directory with EAP-MD5 despite there being no other authentication sources configured "Info: rlm_sql (sql)" I can't seem to find any documentation about this. -----Original Message----- From: Nicolas Quiniou-Briand via PacketFence-users [mailto:packetfence-users@lists.sourceforge.net] Sent: 22 July 2019 12:30 To: packetfence-users@lists.sourceforge.net Cc: Nicolas Quiniou-Briand <n...@inverse.ca> Subject: Re: [PacketFence-users] EAP-MD5 & Active Directory? Hello John On 2019-07-22 11:34 a.m., John Sayce via PacketFence-users wrote: > Mon Jul 22 10:13:31 2019 : Auth: (13018) Login incorrect (eap_md5: > Cleartext-Password is required for EAP-MD5 authentication): > [asd\switch1] (from client 10.8.4.2 port 31 cli 54:80:28:9c:50:50) Try to change "Database passwords hashing method" setting to "plain" in Configuration -> System configuration -> Main configuration -> Advanced. As mentioned here [0], EAP-MD5 is only compatible with clear text passwords. [0] http://deployingradius.com/documents/protocols/compatibility.html -- Nicolas Quiniou-Briand n...@inverse.ca :: +1.514.447.4918 *140 :: https://inverse.ca Inverse inc. :: Leaders behind SOGo (https://sogo.nu), PacketFence (https://packetfence.org) and Fingerbank (http://fingerbank.org) _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users _______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
