[strongSwan] eap-radius and ssha passwords

Michael Schwartzkopff ms at sys4.de
Sun Feb 22 19:52:06 CET 2015

On Sunday, 22 February 2015, 21:31:29, Alexey Beketov wrote:
> Hello,
> I'm trying to make strongswan authorize and authenticate against freeipa
> through eap-radius. Client is my android phone and strongswan app (I'd like
> to use MOBIKE). I've successfully configured freeradius to query freeipa via
> ldap protocol. After some playing I've figured out that freeipa stores
> passwords in ssha hash. So to get everything to work freeradius needs
> passwords in clear-text or ssha. The only way I got IPSEC to work on my
> phone is using xauth + psk and native android vpn client. But that way is
> using ikev1 and thus I can't use MOBIKE. My question: Is there any way to
> use eap-radius and ssha passwords to get ikev2 support? Maybe it is
> possible to pass clear-text passwords using eap-radius?

What is the debug output of FreeRADIUS? What authentication protocol does 
MOBIKE use? You are aware of the authentication protocol and password storage 
compatibility matrix?


Do you do an ldapbind or ldapsearch?

Kind regards,

Michael Schwartzkopff

[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Franziskanerstraße 15, 81669 München

Registered office: Munich, Munich District Court: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
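
Added example, not part of the original message and not strongSwan or FreeRADIUS code: the password-storage side of the compatibility question raised above, showing that an {SSHA} value can check a clear-text password delivered by a PAP-style method but cannot reproduce the response of a CHAP / EAP-MD5 challenge. The password, salt, identifier and challenge are constructed sample values, and `compare_methods` is a name chosen for this example.

```python
import base64
import hashlib
import hmac


def make_ssha(password: bytes, salt: bytes) -> str:
    """LDAP {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored: str, candidate: bytes) -> bool:
    """Check a clear-text candidate, as a PAP-style method delivers it."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len("{SSHA}"):])
    if len(raw) <= 20:  # a SHA-1 digest is 20 bytes; the rest is the salt
        raise ValueError("no salt after the SHA-1 digest")
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP / EAP-MD5 response (RFC 1994): MD5(identifier + secret + challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def compare_methods() -> dict:
    # Constructed sample values, not taken from the thread.
    password, salt = b"correct horse", bytes.fromhex("a1b2c3d4")
    ident, challenge = 7, bytes.fromhex("00112233445566778899aabbccddeeff")
    stored = make_ssha(password, salt)  # all the directory holds

    # Client side of a challenge-response exchange: the password stays local.
    client_resp = chap_response(ident, password, challenge)
    # Server holding only {SSHA}: the stored string is the wrong secret.
    from_hash = chap_response(ident, stored.encode(), challenge)
    # Server holding the clear-text password: recomputes the same response.
    from_clear = chap_response(ident, password, challenge)

    return {
        "pap_style_with_ssha": verify_ssha(stored, password),
        "pap_style_wrong_password": verify_ssha(stored, b"wrong"),
        "challenge_response_with_ssha": hmac.compare_digest(client_resp, from_hash),
        "challenge_response_with_cleartext": hmac.compare_digest(client_resp, from_clear),
    }
```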