[389-users] 389DS userPassword and Freeradius

Jochen Schneider scne59 at gmail.com
Tue Nov 3 14:48:46 UTC 2015


On 03/11/15 13:36, ozikat wrote:

> Recently we would like to extend 389DS users into Radius for account
> authorization and authentication (WiFi with WPA-Enterprise, Portal, etc.)
> 
> It seems like Freeradius only works with ClearText Password, i.e. it
> cannot read the password attribute userPassword when it is SHA-hashed.
> 
> Does anyone have a workaround or an idea on this?
> 
> We have freeradius set up, and it seems it doesn't work with MSCHAPv2 ;(

In order to use MSCHAPv2 with any combination of RADIUS daemon and LDAP
server you have to store plaintext passwords (or NT-Password Hashes) in
your backend. This is not a limitation of freeradius or 389. It's by design.
http://deployingradius.com/documents/protocols/compatibility.html

 J.
