[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: Re: [strongSwan] Cannot get eap-radius working on Strongswan 5
From: Martin Willi <martin () strongswan ! org>
Date: 2015-02-23 9:58:20
Message-ID: 1424685500.3105.19.camel () martin
[Download RAW message or body]
Hi,
> My new setup uses MD5 passwords in Radius, while my old config used
> NT-hash. It seems now with radius-eap I have problems authenticating
> against the MD5 passwords. It is using eap-mschapv2 and it seems it is
> not a supported combination -
This can't work, a server verifying clients with EAP-MSCHAPv2 needs the
plain password or the NT-Hash of it. Any other password hash can't work
with that protocol.
> Can I use other method from strongswan to authenticate against radius
> server with md5 passwords?
This depends on your client. If you have Windows clients, there is
probably no way around EAP-MSCHAPv2 for password authentication. Our
EAP-GTC plugin exchanges plain passwords, so you basically could store
password with any hash, but no such method is supported by Windows
clients (and I don't know about FreeRADIUS).
Regards
Martin
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic