Am 03.08.20 um 20:04 schrieb Клеусов Владимир Сергеевич via Freeradius-Users:
cleartext is not suitable. sure, and not needed either. Is there an instruction for enabling nthash in openldap ? In principle, yes -- but be careful. The ancient NTLM Hash is pretty close to cleartext in 2020, so make sure nobody steals the hash.
1. Create an attribute conataining NTLMHash in your OpenLDAP schema, named e.g. MyNTPassword 2. Store your NT-hashed passwords there 3. In mods-available/ldap, there's already a well-prepared config line for you in the update{} section starting with control:NT-Password. On the right hand's side of this assignment, adjust the LDAP attribute Name e.g. to MyNTPassword an uncomment the line The result looks similar to: ldap { [...] update { control:NT-Password := 'MyNTPassword' [...] } [...] } FR will pull the NTLM Hash from LDAP and perform the server side of the MS-CHAP authentication itself, no Windows server needed. HTH, Martin -- Dr. Martin Pauly Phone: +49-6421-28-23527 HRZ Univ. Marburg Fax: +49-6421-28-26994 Hans-Meerwein-Str. E-Mail: pauly@HRZ.Uni-Marburg.DE D-35032 Marburg