[strongSwan] ike2/mobike with mschapv2 against PAM?
Martin Willi
martin at strongswan.org
Mon Mar 5 08:56:26 CET 2012
Hi Kimmo,
> Is there any way to use PAM, radius, ldap or anything else than
> ipsec.secrets to authenticate users when using mschapv2?
EAP-MSCHAPv2 does not transmit the password in the clear, hence using it
for PAM does not work. We have a EAP-GTC plugin that authenticates user
against PAM, but you'd need the same plugin on your Windows clients
(Microsoft does not ship one).
Our EAP-RADIUS plugin can forward any EAP method over RADIUS to a
backend server. You'd need a RADIUS server with EAP-MSCHAPv2 support,
FreeRADIUS and Microsofts NPS are known to work fine.
Regards
Martin
More information about the Users
mailing list