Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass database verification against LDAP (SSHA hashing)

This thread has been viewed 0 times

  • 1.  Clearpass database verification against LDAP (SSHA hashing)

    EMPLOYEE
    Posted Dec 07, 2012 08:15 AM

    Hello

     

    A customer of ours wants to use PEAP-MSCHAPv2 but has an LDAP database with SSHA hashing. I guess the Aruba controller wont be able to "convert" that SSHA hashing into something Windows would understand (NT hash or clear text). Do you guys know if Clearpass can perform that step?

     

    Thanks a lot

     

    Regards

     



  • 2.  RE: Clearpass database verification against LDAP (SSHA hashing)
    Best Answer

    EMPLOYEE
    Posted Dec 07, 2012 04:36 PM

    Nope.  To do MsChapV2, the LDAP database must store passwords in either cleartext or nt-Hash.   http://deployingradius.com/documents/protocols/compatibility.html

     

    It does not have anything to do with clearpass, really.

     



  • 3.  RE: Clearpass database verification against LDAP (SSHA hashing)

    EMPLOYEE
    Posted Dec 08, 2012 04:40 AM

    Hum, I was afraid you'd say so :(

     

    I guess they're stuck with EAP-GTC then...

     

    Thanks a lot