Scenario:
Mikrotik is authing with FreeRadius, Where a policy based LDAP lookup occurs to determine wether user can authenticate or not aswell as return access level of user back to the Mikrotik.
Problem:
LDAP database passwords are encrypted.
-Mikrotik ssh and telnet are passing password details via PAP which works correctly.
-Mikrotik Web Interface is passing passwords via CHAP, which doesn’t work due to duel encryption.
I need those passwords to all be passed in PAP not CHAP. And no, there is no way to store passwords in our LDAP database as clear text. That’s a complete security risk. And no PAP is not a security Risk in this instance as all radius traffic is being passed via MPLS.
Is there any solution to this?