freeradius 3 + OPENLDAP

Matthew Newton mcn at freeradius.org
Wed Nov 14 17:28:34 CET 2018


On Wed, 2018-11-14 at 18:21 +0200, Eyal Zarchi wrote:
> (0) ldap: control:Password-With-Header +=
> '{SSHA}qGc3M+tIwC6k+IzrF9ELgbC9WcEKjFNK'

...

> (0) mschap: WARNING: No Cleartext-Password configured.  Cannot create
> NT-Password
> 
> (0) mschap: WARNING: No Cleartext-Password configured.  Cannot create
> LM-Password
> 
> (0) mschap: Client is using MS-CHAPv1 with NT-Password
> 
> (0) mschap: ERROR: FAILED: No NT/LM-Password.  Cannot perform
> authentication

Password in LDAP needs to be an NT hash or cleartext.

SSHA won't work with MSCHAP.

See http://deployingradius.com/documents/protocols/compatibility.html

-- 
Matthew



More information about the Freeradius-Users mailing list