Hello Alan, thank you for your reply. The mapping of the NT-Password describe exactly our problem. We cannot find the right passage in the radius config to do this. Maybe you can give as a little hint, this would be very kindly. Best Regards, Michael
native wired xp 802.1X client with PEAP (mschapv2) tries to authenticate via freeradius against openldap with an md4 encoded utf-16e password hash. The authentication fails. If we use the hash instead of the clear-text password with the xp client, the authentication works fine. There must be some problems with the encryption of the password. How do we fix the problem? Any help is appreciated.
You may have the NT hash of the password in the LDAP database, but you're telling FreeRADIUS it's the clear-text password: ...
rlm_ldap: performing search in ou=XXX,ou=XXX,o=XXX,dc=XXX,dc=de, with filter (uid=plisch01) rlm_ldap: Added password 4183... in check items
You want to map this to the NT-Password attribute. Alan DeKok. -- Michael Poser, HRZ - Abteilung Netze Tel.:069/798-28052