Rob Shepherd wrote:
No clear-text is stored in LDAP. I have MD5 in userPassword and the two samba hashes. The cisco kit, VPN concentrator and switches etc, supply a clear text password at radius. I figured my only option was to PAP-to-LDAP.
Is there an alternative for this situation?
Use an instance of the "pap" module with "encryption_scheme = nt" modules { pap nthashpap { encryption_scheme = nt } } authorize { preprocess files } authenticate { Auth-Type PAP { nthashpap } } ...however, you will need: DEFAULT Auth-Type := PAP ...somewhere, since the PAP module in 1.1.0 (and I think all non-CVS versions?) does not (irritatingly) set Auth-Type to PAP, and cannot even run in the authorize section. Newer versions of the server (CVS) will both auto-detect "{type}hash" type prefixes in values *and* set the auth-type so you can just do: modules { pap { auto_header = yes } } authorize { preprocess pap ldap } authenticate { Auth-Type PAP { pap } }