Hi all
I just want to ask if anyone found a workaround for devices that are running version before the 6.43 and have winbox login via freeradius and encrypted stored passwords on server side.
We actually have a setup working just fine with Mikrotik and Cisco's devices using freeradius integrated with our Active Directory domain.
Access via Winbox to mikrotiks that run versions after the 6.43 is smooth and fast using the AD protocol MSCHAPv2. For Cisco devices we use hashed stored passwords in the FreeRadius DB to work with PAP.
Our goal is to achieve a solution where we can use Winbox login not just ssh or webfig for all devices in our premises and where all the passwords store on the DB will be encrypted.
Last but not less important thing is that we can not give us the placer to upgrade all mikrotiks to versions gratter than 6.43.
Current Working Enviroment:
- Freeradius 3.0 + postgresql
- Windows Server 2008 Active Directory
- More than 2000 routers running different versions
RouterOS version >= 6.43 and IOS, full access with FreeRadius
RouterOS version < 6.43, only access via ssh and webfig with FreeRadius
Have anyone a suggestion on how we can carry this on?