11 Jan
2009
11 Jan
'09
1:19 p.m.
Michael Poser wrote:
native wired xp 802.1X client with PEAP (mschapv2) tries to authenticate via freeradius against openldap with an md4 encoded utf-16e password hash. The authentication fails. If we use the hash instead of the clear-text password with the xp client, the authentication works fine. There must be some problems with the encryption of the password. How do we fix the problem? Any help is appreciated.
You may have the NT hash of the password in the LDAP database, but you're telling FreeRADIUS it's the clear-text password: ...
rlm_ldap: performing search in ou=XXX,ou=XXX,o=XXX,dc=XXX,dc=de, with filter (uid=plisch01) rlm_ldap: Added password 4183... in check items
You want to map this to the NT-Password attribute. Alan DeKok.