Unfortunately, most LDAP implementations require that the password be passed
in clear text, as a security feature. PAP, tunneled through TTLS or PEAP, is
then the easiest way to be secure with the password between the user and
RADIUS. RADIUS is on the receiving end of the tunnel, and reads the passw
That is what I figured. The password is protected via encryption across the
network, but it appears you're right, it is fair game on the radius server.
Due to the way our passwords are stored in LDAP, this is the only
authentication method we can use.
Matt Ashfield
Network Analyst
Integrated Te
Never mind, I misunderstood. :(
As far as passwords in clear text, I believe that is what PAP is, clear text.
You will need something like MSCHAP to encrypt the passwords. However,
depending on your password storage algorithm on your LDAP directory, you might
not get this to work. We use a crypt
If you're using PAP then the password is fair game at any step along the
way. You need to look into another EAP type.
Mike
Michael G Ruiz
Network and Systems Engineer
Hobart and William Smith Colleges
Information Technology Services
v 315.781.3711 f 315.781.3409
From: Matt As
The authentication process works correctly, it is more the issue of the
Radius server "seeing" the cleartext password and that it could potentially
be seen by those who have or gain access to the radius server.
Matt Ashfield
Network Analyst
Integrated Technology Services
University of New Bruns
Yes, we're using PAP.
Matt Ashfield
Network Analyst
Integrated Technology Services
University of New Brunswick
(506) 447-3033
[EMAIL PROTECTED]
-Original Message-
From: Jorge Bodden [mailto:[EMAIL PROTECTED]
Sent: January 8, 2007 3:16 PM
To: [EMAIL PROTECTED]; WIRELESS-LAN@LISTSERV.EDU
There is a Windows hotfix to allow Windows PEAP clients to authenticate to
non-Windows radius servers. Perhaps that is what you are running into?
http://support.microsoft.com/kb/885453
Lelio Fulgenzi, B.A.
Senior An
Matt,
Are you using PAP? If so, PAP is a clear text protocol.
Jorge
-Original Message-
From: Matt Ashfield <[EMAIL PROTECTED]>
Date: Mon, 08 Jan 2007 15:13:56
To:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] authentication policy quest
Hi All
We're in the process of setting up our wireless system to use radius
authentication against our usernames/passwords which are stored in LDAP.
We have come across an issue in testing the radius server. We are using
Freeradius.
The way we have this setup is quite standard (I hope). The use