[strongSwan] eap-radius and ssha passwords
Michael Schwartzkopff
ms at sys4.de
Sun Feb 22 19:52:06 CET 2015
Am Sonntag, 22. Februar 2015, 21:31:29 schrieb Alexey Beketov:
> Hello,
> I'm trying to make strongswan authorize and authenticate against freeipa
> through eap-radius. Client is my android phone and strongswan app (I'd like
> to use MOBIKE). I've sucessfully configured freeradius to query freeipa via
> ldap protocol. After some playing I've figured out that freeipa stores
> passwords in ssha hash. So to got everything work freeradius needs
> passwords in clear-text or ssha. The only way I got IPSEC to work on my
> phone is using xauth + psk and native android vpn client. But that way is
> using ikev1 and thus I can't use MOBIKE. My question: Is there any way to
> use eap-radius and ssha passwords to get ikev2 support? May be it is
> possible to pass clear-text passwords using eap-radius?
What is the debug output of FreeRADIUS? What authentication protocol does
MOBIKE use? You are aware of the authentication protocol and password storage
compatibility matrix?
http://deployingradius.com/documents/protocols/compatibility.html
Do you do a ldapbind oder ldapsearch?
Mit freundlichen Grüßen,
Michael Schwartzkopff
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150222/da8b2b73/attachment-0001.pgp>
More information about the Users
mailing list