On 11/16/2012 11:27 AM, Carlos Velasco wrote:
According to RFC2548, after 0x0701 should be the "Encrypted-Hash" 16 octects, but they are all 00.
I am trying to find out why, seems a bug in Cisco part. But I think this works fine with Cisco ACS radius. :S
The CPW packet lets you send the NT and/or LM hashes.
The "ntlm_auth" code supports (and sends) both, but it's very likely that support for LM hashes has been disabled on your domain; they're horribly insecure and deprecated.
My guess is the Cisco has old code. LM hashes were "easy" so older code tends to support them.
Mmm well, the "Encrypted-Hash" should be an NT hash. === Encrypted-Hash The Encrypted-Hash field is 16 octets in length. It contains the old Windows NT password hash encrypted with the new Windows NT password hash. === I don't see LM hashes allowed in the Radius attributes for password change. Don't seem Cisco using them. I am trying to make some findings. Maybe installing ACS and testing to see any difference.