Yet another PEAP/LDAP Question
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jan 25 18:44:32 CET 2006
Jon P. Giza wrote:
> Phil:
>
> I have made the suggested changes, and new debugs below:
>
> rlm_ldap: looking for check items in directory...
> rlm_ldap: Adding userPassword as NT-Password, value ( & op=21
> rlm_ldap: looking for reply items in directory...
> ...
> modcall: entering group MS-CHAP for request 5
> rlm_mschap: No User-Password configured. Cannot create LM-Password.
> rlm_mschap: Invalid NT-Password

The bit of code that generates this error checks for a length of 16
bytes (the actual bytes) or 32 (un-prefixed hex-encoded, in which case
it decodes it). Therefore the userPassword attribute must be something
other than the form:

  0123456789abcdef0123456789abcdef

Your original debug log showed:

  rlm_ldap: Added password (6BDC5527858B28XXXXXXXXXEFAF2323F) in check items

...and from the looks of the rlm_ldap code those brackets '()' are part
of the data in the LDAP server, not part of the message print out function.

Quite why you'd wrap an ntPassword in round brackets I don't know, but
you'll need to remove them somehow.
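
Added example, not part of the original message and not FreeRADIUS code: a stand-alone C check that applies the length rule described in the reply above (16 raw bytes, or 32 un-prefixed hex digits) and flags a value that fails only because one extra character surrounds it on each side. All function and enum names are hypothetical, the sample value is constructed, and rejecting non-hex digits in the 32-character form is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; follows the length rule described in the post, not the rlm_mschap source. */
enum nt_form { NT_INVALID = 0, NT_RAW16, NT_HEX32 };

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20; /* fold ASCII letters to lower case */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* 16 bytes: taken as the raw hash. 32 bytes: decoded as un-prefixed hex.
 * Any other length is rejected. Rejecting non-hex digits is an assumption. */
enum nt_form nt_normalize(const unsigned char *val, size_t len, unsigned char out[16])
{
    if (len == 16) { memcpy(out, val, 16); return NT_RAW16; }
    if (len != 32) return NT_INVALID;
    for (size_t i = 0; i < 16; i++) {
        int hi = hexval(val[2 * i]), lo = hexval(val[2 * i + 1]);
        if (hi < 0 || lo < 0) return NT_INVALID;
        out[i] = (unsigned char)(hi << 4 | lo);
    }
    return NT_HEX32;
}

/* Convenience wrapper for attribute values held as C strings. */
enum nt_form nt_form_of(const char *s)
{
    unsigned char out[16];
    return nt_normalize((const unsigned char *)s, strlen(s), out);
}

/* Diagnostic: 1 if s is a 32-digit hex hash with one extra non-hex character on each side. */
int nt_is_wrapped(const char *s)
{
    unsigned char out[16];
    return strlen(s) == 34 && hexval(s[0]) < 0 && hexval(s[33]) < 0 &&
           nt_normalize((const unsigned char *)s + 1, 32, out) == NT_HEX32;
}

int main(void)
{
    const char *v = "(0123456789abcdef0123456789abcdef)"; /* constructed value, not a real hash */
    printf("form=%d wrapped=%d\n", nt_form_of(v), nt_is_wrapped(v));
    return 0;
}
```

A 16-character string passes the length test as if it were the raw hash, so a truncated hex value would be accepted without any decoding.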