On Tue, Dec 30, 2014 at 4:46 PM, sb <superabx@gmail.com> wrote:
Hello!
I'm trying to authenticate users from LDAP with FreeRadius by PAP protocol. Passwords are stored in LDAP in NT-hash. It's not my idea, I just have to do it.
When I do
radtest -t pap ....
I see from freeradius -X:
[pap] login attempt with password "n*******W" [pap] Using clear text password "1D******************************9B"
Did you assign the hash as cleartext-password?
[pap] Passwords don't match
If yes, no wonder it doesn't work
So the question is: how to force PAP to create NT-hash from the given password and compare hash and hash. but not the password and hash?
It should work out of the box: http://deployingradius.com/documents/protocols/compatibility.html That is, assuming you correctly assign the hash as NT-Password, and not Cleartext-Password. -- Fajar