LDAP MSCHAP error

Alan DeKok aland at deployingradius.com
Mon Aug 24 20:02:42 CEST 2009


Larry Ross wrote:
> LOL, K.  Just found it interesting that with so little data you were able to divine our schema.  The problem here is our LDAP tree will not or cannot change (political reasons... Long story sucks for me, but as they say wish in one hand and poop in the other, get back to me when you figure out which one fills first...)

  As I said... it's C programming 101.  It's trivial for anyone who's
spent 10 minutes with C.

> So yeah I am stuck with Binary NT hashes to use for MSCHAP auth. The odd thing is it works for 95% of our users, it seems there is a character combo that causes the truncation.

  Yes.  "00".  This is C 101.

> So I was thinking I would use a Perl script (thank you rlm_perl, and PERL-LDAP modules) to perform the LDAP query and then convert the data to ASCII and insert the converted String Data into the NT-Password variable.

  That might work.

  Alan DeKok.
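
The truncation discussed in this thread, and the conversion to ASCII that the quoted message proposes, as an added example (not code from the thread or from FreeRADIUS, and written in C rather than Perl): a constructed 16-byte hash with an embedded 0x00 byte is cut short when handled as a C string, while a length-aware hex conversion keeps all 16 bytes. The function names and the sample value are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NT_HASH_LEN 16  /* an NT hash is an MD4 digest: 16 raw bytes */

/* Constructed sample value (not a real account's hash); byte 3 is 0x00. */
static const unsigned char SAMPLE_HASH[NT_HASH_LEN] = {
    0x8a, 0x3f, 0x12, 0x00, 0xc4, 0x5e, 0x77, 0x01,
    0x9b, 0xd2, 0x46, 0xe0, 0x33, 0xaf, 0x60, 0x5c
};

/* Number of bytes that survive when the buffer is handled as a C string:
 * everything from the first 0x00 onward is dropped. */
size_t cstring_visible_len(const unsigned char *buf, size_t len)
{
    const unsigned char *nul = memchr(buf, 0x00, len);
    return nul ? (size_t)(nul - buf) : len;
}

/* Length-aware conversion to ASCII hex. Returns 0 on success,
 * -1 if the output buffer cannot hold 2*len digits plus the terminator. */
int nt_hash_to_hex(const unsigned char *hash, size_t len, char *out, size_t outlen)
{
    static const char digits[] = "0123456789abcdef";
    if (outlen < 2 * len + 1)
        return -1;
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = digits[hash[i] >> 4];
        out[2 * i + 1] = digits[hash[i] & 0x0f];
    }
    out[2 * len] = '\0';
    return 0;
}

int main(void)
{
    char hex[2 * NT_HASH_LEN + 1];
    printf("bytes seen as a C string: %zu of %d\n",
           cstring_visible_len(SAMPLE_HASH, NT_HASH_LEN), NT_HASH_LEN);
    if (nt_hash_to_hex(SAMPLE_HASH, NT_HASH_LEN, hex, sizeof hex) == 0)
        printf("hex form: %s\n", hex);
    return 0;
}
```

Assuming hash bytes are uniformly distributed, about 6% of 16-byte values contain at least one 0x00 byte, which is in line with the roughly 95% of users reported as working.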


