Authentication with mschap

Eric Bourkland eric.bourkland at trustedconcepts.com
Mon Aug 17 15:12:05 CEST 2009


>   So... what are the contents of the NT-Password attribute?

In the LDAP data store?  It is a hashed (MD4) format which should be able to be read doing MS-CHAP.  I know, I know, clear text, but with my current setup, Zimbra with OpenLDAP, it does not let you do complete clear text.  I integrated Samba attributes in so I can get the NT/LM passwords stored.
I added a few more lines to the debugging from my first message; I don't know if that message was seen. But...

...
No Cleartext-Password configured.  Cannot create LM-Password
No Cleartext-Password configured.  Cannot create NT-Password
Told to do MS-CHAPv2 for test.user with NT-Password
FAILED: No NT/LM-Password. Cannot perform authentication.
FAILED: MS-CHAP2-Response is incorrect.

What it looks like to me is that Radius isn't getting the Cleartext-Password from the laptop client; I don't know if this is the case or not.  The laptop client is a Windows XP Pro build and some Vista, and whatever else a guest may bring in.  I assumed that it would pass the password in the Cleartext-Password attribute when using MS-CHAPv2; I need to confirm this.  I can get it to work if I install SecureW2, but I've been told that asking everyone to install it on the laptops isn't an option.
This protocol is relatively new to me, at least how all the various pieces of software handle it.
I know I'm close; I just need help being pointed in the right direction on where the disconnect is occurring.  Right now I am pretty certain it is not between Radius and my OpenLDAP.

Thanks,


----- Original Message -----
From: "Alan DeKok" <aland at deployingradius.com>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Sunday, August 16, 2009 4:11:47 AM GMT -05:00 US/Canada Eastern
Subject: Re: Authentication with mschap

Eric Bourkland wrote:
> It looks like it is trying the correct authentication
> 
> ...
> Told to do MS-CHAPv2 for test.user with NT-Password
> FAILED: No NT/LM-Password. Cannot perform authentication.
> FAILED: MS-CHAP2-Response is incorrect.

  So... what are the contents of the NT-Password attribute?

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
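
Added example, not part of the original thread or of FreeRADIUS: the question above is what the NT-Password attribute actually contains, so this sketch computes the NT hash (MD4 over the UTF-16LE password) and classifies a value read from the directory against a known test password. The 32-hex-character storage form, the function names and all sample values are assumptions constructed for illustration.

```python
import re
import struct

M = 0xFFFFFFFF
R3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)  # round-3 word order

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & M

def md4(data: bytes) -> bytes:
    """MD4 per RFC 1320 in pure Python (hashlib's md4 is often unavailable)."""
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(16):  # round 1
            t = a + ((b & c) | (~b & d)) + x[i]
            a, b, c, d = d, _rol(t & M, (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):  # round 2
            k = (i % 4) * 4 + i // 4
            t = a + ((b & c) | (b & d) | (c & d)) + x[k] + 0x5A827999
            a, b, c, d = d, _rol(t & M, (3, 5, 9, 13)[i % 4]), b, c
        for i in range(16):  # round 3
            t = a + (b ^ c ^ d) + x[R3[i]] + 0x6ED9EBA1
            a, b, c, d = d, _rol(t & M, (3, 9, 11, 15)[i % 4]), b, c
        h = [(v + w) & M for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> str:
    """NT hash: MD4 over the UTF-16LE encoding of the password, as hex."""
    return md4(password.encode("utf-16-le")).hex()

def check_stored_nt(value, test_password: str) -> str:
    """Classify a directory value against the hash of a known test password."""
    if not value or not value.strip():
        return "missing"
    v = value.strip()
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", v):
        return "malformed"  # e.g. a {SCHEME}-prefixed userPassword hash
    return "ok" if v.lower() == nt_hash(test_password) else "mismatch"

if __name__ == "__main__":
    # Constructed sample values for a throwaway account with password "password".
    for stored in ("8846F7EAEE8FB117AD06BDD830B7586C", "{SSHA}constructed", "", "0" * 32):
        print(repr(stored), "->", check_stored_nt(stored, "password"))
```

Run it against the value the directory returns for a test account whose password you know; anything other than "ok" points at the stored attribute rather than at the client.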


