On Aug 3, 2017, at 6:33 PM, mr mh1113 <mrmh1113@gmail.com> wrote:
Well, it's not as easy as one might think.
It should be simple if you use a recent version, and standard LDAP schemas. Despite various complaints, we *do* try to make it simple to configure the user.
MD4 hash has 32 characters, it's hex number so that means 2 characters = 1 byte. 32 / 2 = 16 bytes and this "length" is expected. Another 8 bytes (32 + 8 = 40) is header {nthash} with curled brackets
No... that's not an NT password. That's an NT password with magic LDAP crap pre-pended to it.
including. I've tried {nt} header and blank header with no success.
How about no header?
It seems that FreeRadius interprets value in my custom LDAP attribute as plain text not hex number.
So... you created a custom LDAP attribute / schema, and are surprised that FreeRADIUS doesn't magically figure out what you mean?
LDAP attribute is type "text".
Custom LDAP attribute contains text value E217DE3A51C1329B751A28B9792F42DB.
Then pass that text value directly into the NT-Password attribute. It *will* work. If the hash you give above is 32 characters long, and FreeRADIUS expects a 32-character hash... then it should be straightforward to connect the two.
There was a thread about similar problem https://github.com/FreeRADIUS/freeradius-server/issues/679 I use FreeRadius 3.0.4 from CentOS 7 with backported fixes from upstream.
Use 3.0.15. Please. 3.0.4 is *years* out of date. Alan DeKok.