2010/10/6 schilling <schilling2006@gmail.com>
There is smbencrypt radius-utils to generate LM Hash and NT Hash, Any known good perl script to do this?
You can use Crypt::SmbHash (from CPAN).
sding@palm:/usr/bin$ smbencrypt schilling LM Hash NT Hash -------------------------------- -------------------------------- D134D8CD21607749DD4218F5E59DD23A
AF8AC3EF6579FC768515F960FB2096AC
Then which one is required?
NT Hash is required.
Any format requirement in the ldap? Or just copy the 32 character and put in the ldap?
Just put the NT Hash in the sambaNTPassword field in LDAP.
Thanks.
Schilling
On Wed, Oct 6, 2010 at 2:19 PM, Alan DeKok <aland@deployingradius.com> wrote:
schilling wrote:
We are trying to use ldap as backend database for dot1x peap authentication thru freeradius. The following link has good explanation.
Note it's 5 years old...
But do we really need both ntpassword and lmpassword in the ldap directory?
No.
windows client send username and ntpassword to NAS NAS send the username/ntpassword to radius in a tunnel radius unwrap the tunnel, using the username to fetch the ntpassword from ldap, do a comparison of ldap returned ntpassword and unwrapped ntpassword, if they are the same, authentication accept.
No. It's a *lot* more complicated than that.
All you need to do is to uncomment "ldap" in raddb/sites-available/inner-tunnel, and it should work.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html