Alan DeKok wrote:
Rob Shepherd <rob@techniumcast.com> wrote:
I'll use PAP (ldap auth)
Please don't. It makes everything harder.
OK.
LDAP is a database, not an authentication server. Have the server read the clear-text password from LDAP, and the server will figure out how to authenticate the user. Remove "ldap" from the "authenticate" section. It's just not necessary.
No clear-text is stored in LDAP. I have MD5 in userPassword and the two samba hashes. The cisco kit, VPN concentrator and switches etc, supply a clear text password at radius. I figured my only option was to PAP-to-LDAP. Is there an alternative for this situation?
from the VPN concentrator but mschapv2 from the wireless, as it'll go through a peap or eap-tls tunnel. I have NT and LM hashes already in the LDAP, I just need to extract them...
And how I get the nt/lm hashes from ldap and do mschapv2..
ldap.attrmap, and the server will figure out what to do.
Thanks. -- Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ rob@techniumcast.com | 01248 675024 | 07776 210516