<div>Hi, i've got back to problem :</div>
<div>as i mentioned i have plain text stored passwords (atrib UserPassword) in ldap, and i want to change it to crypt, or mda5. Mschap need NT-Password , which is the best way to solve it? I do not want to store NT-Password value in LDAP, or there is no other choice? What about that ntlm_auth - it will create from crypt nt and send it to mschap?<br>
<br>Thanks in advance!</div>
<div> </div>
<div>David<br><br></div>
<div class="gmail_quote">2008/3/5 Alan DeKok <<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>>:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div class="Ih2E3d">David Hláčik wrote:<br>> Hi, I have working configuration of PPTPD (Windows VPN) trought Radius <br>> to LDAP stored users. The think is ,that it accepts only plain text<br>> stored passwords in ldap becouse of very well known NT-Password for MSCHAPv2<br>
</div>...<br>
<div class="Ih2E3d">> Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=boss<br>> --challenge=09c34801a6bafab3<br>> --nt-response=e9aa9365702850c20847566b84c4c729efbac9d014ff1301<br>><br>> Exec-Program output: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)<br>
<br></div> That's an error from winbindd. Does ntlm_auth work from the command line?<br><br><a href="http://deployingradius.com/documents/configuration/active_directory.html" target="_blank">http://deployingradius.com/documents/configuration/active_directory.html</a><br>
<br> If not, don't bother trying FreeRADIUS until ntlm_auth works from the<br>command-line.<br><font color="#888888"><br> Alan DeKok.<br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</font></blockquote></div><br>