PAP and NT-hashed password
Fajar A. Nugraha
list at fajar.net
Tue Dec 30 12:09:45 CET 2014
On Tue, Dec 30, 2014 at 4:46 PM, sb <superabx at gmail.com> wrote:
> Hello!
>
> I'm trying to authenticate users from LDAP with FreeRadius by PAP protocol.
> Passwords are stored in LDAP in NT-hash. It's not my idea, I just have to do
> it.
>
> When I do
>
> radtest -t pap ....
>
> I see from freeradius -X:
>
> [pap] login attempt with password "n*******W"
> [pap] Using clear text password "1D******************************9B"
Did you assign the hash as cleartext-password?
> [pap] Passwords don't match
If yes, no wonder it doesn't work
> So the question is: how to force PAP to create NT-hash from the given
> password and compare hash and hash. but not the password and hash?
It should work out of the box:
http://deployingradius.com/documents/protocols/compatibility.html
That is, assuming you correctly assign the hash as NT-Password, and
not Cleartext-Password.
--
Fajar
More information about the Freeradius-Users
mailing list