LDAP MSCHAP error

Larry Ross lfross at ucdavis.edu
Mon Aug 24 19:00:29 CEST 2009


LOL, K.  Just found it interesting that with so little data you were able to divine our schema.  The problem here is our LDAP tree will not or cannot change (political reasons... Long story, sucks for me, but as they say, wish in one hand and poop in the other, get back to me when you figure out which one fills first...)

So yeah, I am stuck with binary NT hashes to use for MSCHAP auth. The odd thing is it works for 95% of our users; it seems there is a character combo that causes the truncation.

So I was thinking I would use a perl script (thank you rlm_perl, and PERL-LDAP modules) to perform the LDAP query and then convert the data to ASCII and insert the converted String Data into the NT-Password variable.

With that strategy in mind I have a couple questions.

1:  Sanity check.  Before I begin down this path, does this sound plausible?
2:  Suggestions or samples would be greatly appreciated.

Thank you
Larry

-----Original Message-----
From: freeradius-users-bounces+lfross=ucdavis.edu at lists.freeradius.org [mailto:freeradius-users-bounces+lfross=ucdavis.edu at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Friday, August 21, 2009 11:35 PM
To: FreeRadius users mailing list
Subject: Re: LDAP MSCHAP error

Larry Ross wrote:
> Hmm interesting, how were you able to divine that that is how we are storing the hash values...

  C programming 101.

  Alan DeKok.
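
The conversion proposed in the message above, as an added example that is not part of the original thread or of FreeRADIUS. It assumes the truncation comes from a 0x00 byte inside the 16-byte binary hash (the thread does not say so explicitly); `nt_hash_to_hex` and `c_string_view` are hypothetical helper names and the sample hashes are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Convert a raw NT hash, as read from a binary LDAP attribute, into the
# 32-character hex form. Anything that is not exactly 16 bytes is rejected
# so that a value truncated upstream is never passed on as a credential.
sub nt_hash_to_hex {
    my ($raw) = @_;
    return unless defined $raw && length($raw) == 16;
    return uc unpack('H*', $raw);
}

# What survives when the same bytes are handled as a NUL-terminated C string.
sub c_string_view {
    my ($raw) = @_;
    my $nul = index($raw, "\0");
    return $nul < 0 ? $raw : substr($raw, 0, $nul);
}

# Constructed sample values, not real hashes.
my %samples = (
    alice => pack('H*', '0123456789abcdef0123456789abcdef'),  # no 0x00 byte
    bob   => pack('H*', '2b57004f9e11c3a0d4e6f80012ab34cd'),  # 0x00 at offsets 2 and 11
);

for my $user (sort keys %samples) {
    my $raw = $samples{$user};
    printf "%-6s raw=%2d bytes  after C string copy=%2d bytes  hex=%s\n",
        $user, length($raw), length(c_string_view($raw)),
        nt_hash_to_hex($raw) // '(rejected)';
}

# A value that was already cut short fails the length check.
my $short = c_string_view($samples{bob});
printf "truncated bob -> %s\n", nt_hash_to_hex($short) // '(rejected)';

# Inside an rlm_perl authorize() hook, the hex string would be assigned to
# $RAD_CHECK{'NT-Password'} after fetching the raw attribute with Net::LDAP
# (the attribute name depends on the local schema and is not shown here).
```

Only the second sample loses data when copied as a C string, which matches a failure that affects a minority of users while the rest authenticate normally.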