NTLM in MSCHAP
David Hláčik
david at hlacik.eu
Tue Mar 25 12:48:45 CET 2008
Hi, i've got back to problem :
as i mentioned i have plain text stored passwords (atrib UserPassword) in
ldap, and i want to change it to crypt, or mda5. Mschap need NT-Password ,
which is the best way to solve it? I do not want to store NT-Password value
in LDAP, or there is no other choice? What about that ntlm_auth - it will
create from crypt nt and send it to mschap?
Thanks in advance!
David
2008/3/5 Alan DeKok <aland at deployingradius.com>:
> David Hláčik wrote:
> > Hi, I have working configuration of PPTPD (Windows VPN) trought Radius
> > to LDAP stored users. The think is ,that it accepts only plain text
> > stored passwords in ldap becouse of very well known NT-Password for
> MSCHAPv2
> ...
> > Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=boss
> > --challenge=09c34801a6bafab3
> > --nt-response=e9aa9365702850c20847566b84c4c729efbac9d014ff1301
> >
> > Exec-Program output: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
>
> That's an error from winbindd. Does ntlm_auth work from the command
> line?
>
> http://deployingradius.com/documents/configuration/active_directory.html
>
> If not, don't bother trying FreeRADIUS until ntlm_auth works from the
> command-line.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080325/7f297e1e/attachment.html>
More information about the Freeradius-Users
mailing list