[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Cisco LEAP username and password in FreeRadius
From:       "Alan DeKok" <aland () ox ! org>
Date:       2003-03-30 15:53:25
[Download RAW message or body]

michael.kopp@gmx.net wrote:
> >  LEAP uses MS-CHAP for authentication.  As a result, it's impossible
> >to combine System authentication with LEAP.
...
> I`d like to know is this a "limitation" of freeradius or of the leap
> protocol ?

  It's a limitation of MS-CHAP, as I tried to point out.  See the FAQ
for more comments on CHAP.  FreeRADIUS didn't define MS-CHAP, so it is
NOT responsible for this problem.

> I think with Cisco Secure ACS you can utilize backend databases like Active
> Directory or LDAP , so is this only limited in freeradius and why ?

  Because LDAP and Active directory are not Unix system password
files.  Hint: The names are different!

  LEAP *can* do authentication with NT-Password hashes, because
they're part of the MS-CHAP protocol.

  Alan DeKok.


[prev in list] [next in list] [prev in thread] [next in thread]