[strongSwan] eap-radius and ssha passwords

Thomas Will thomas.will at xinux.de
Sun Feb 22 20:27:09 CET 2015

clear text password should be possible with peap and leap ....

I brought it to work with  freeradius - ldap


Am 22.02.15 um 19:31 schrieb Alexey Beketov:
> Hello,
> I'm trying to make strongswan authorize and authenticate against 
> freeipa through eap-radius. Client is my android phone and strongswan 
> app (I'd like to use MOBIKE).
> I've sucessfully configured freeradius to query freeipa via ldap protocol.
> After some playing I've figured out that freeipa stores passwords in 
> ssha hash. So to got everything work freeradius needs passwords in 
> clear-text or ssha.
> The only way I got IPSEC to work on my phone is using xauth + psk and 
> native android vpn client. But that way is using ikev1 and thus I 
> can't use MOBIKE.
> My question: Is there any way to use eap-radius and ssha passwords to 
> get ikev2 support?
> May be it is possible to pass clear-text passwords using eap-radius?
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150222/44580099/attachment.html>

More information about the Users mailing list