Colleen C. Morrissey wrote:
Hi,
Why? If you have the clear-text password on the server, you can just compare the two. There's no need to configure rlm_pap to do the NT hash.
I don't have the clear text password. Your original reply said this would work with clear text password or nt hash. I have the NT hash and/or I can get the SHA1 base 64 encoded password (which was working with gtc by itself). Can I get pap/gtc to work with the NT hash password? I don't manage the ldap service so getting the clear text password will not be easy and may not be possible organizationally. Thanks.
I know SHA1 will definitely work, as will NT but you will have to use the PAP module. The nt hash should be written into the check item NT-Password, I think sha is SHA-Password. If your using LDAP just enable auto header and it'll figure it out for you :) , if you do use NT password be sure the FreeRADIUS <-> LDAP nt hash password attribute mapping is correct.