FR 3.0 with eDir

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Dec 18 13:54:42 CET 2013


On 18 Dec 2013, at 09:54, Hubert Kupper <kupper at uni-landau.de> wrote:

> Am 18.12.2013 10:16, schrieb Olivier Beytrison:
>> On 18.12.2013 09:56, Hubert Kupper wrote:
>>> Bingo. You are right. When I use ldaps the ldap bind was successful now.
>>> With FR 2.x on OpenSuse 12.3 ldap and ldaps work both.
>> Good news !
>> 
>>> (9) ldap : Added eDirectory password in check items as
>>> Cleartext-Password = pwddummy
>> Is that the password you used to test the authentication ?
>> 
>>> (9) mschap : Creating challenge hash with username: dumm
>>> (9) mschap : Client is using MS-CHAPv2 for dumm, we need NT-Password
>>> (9) mschap : FAILED: MS-CHAP2-Response is incorrect
>>> (9)   [mschap] = reject
>> It looks like you provided the wrong password.
>> 
>> Olivier
> no, I used "pwddummy" only in my posting. In my tests I used the right password for the testuser dumm. With our other FR servers, the testuser and password works fine!

update request {
	Tmp-String-0 := "%{debug_attr:control:}"
}

Add that after the call to the mshcap module, it should show that the Cleartext-Password has been transformed into an NT-Password.

NT-Passwords are unsalted, so compute the NT-Password hash of the password you're entering, verify it matches the hash.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20131218/b9b02f8a/attachment.pgp>


More information about the Freeradius-Users mailing list