Authentication Problem with PEAP and openldap

Michael Poser m.poser at rz.uni-frankfurt.de
Mon Jan 12 11:16:32 CET 2009


Hello Alan,

thank you for your reply.

The mapping of the NT-Password describes exactly our problem. We cannot find
the right passage in the radius config to do this. Maybe you can give us a
little hint; this would be very kind.

Best Regards, Michael

> native wired xp 802.1X client with PEAP (mschapv2) tries to authenticate via
> freeradius against openldap with an md4 encoded utf-16e password hash. The
> authentication fails. If we use the hash instead of the clear-text password
> with the xp client, the authentication works fine. There must be some
> problems with the encryption of the password. How do we fix the problem? Any
> help is appreciated.

  You may have the NT hash of the password in the LDAP database, but
you're telling FreeRADIUS it's the clear-text password:
...
> rlm_ldap: performing search in ou=XXX,ou=XXX,o=XXX,dc=XXX,dc=de, with filter
> (uid=plisch01)
> rlm_ldap: Added password 4183... in check items

  You want to map this to the NT-Password attribute.

  Alan DeKok.

-- 
Michael Poser,
HRZ - Abteilung Netze  
Tel.:069/798-28052



