Hi, i've got back to problem : as i mentioned i have plain text stored passwords (atrib UserPassword) in ldap, and i want to change it to crypt, or mda5. Mschap need NT-Password , which is the best way to solve it? I do not want to store NT-Password value in LDAP, or there is no other choice? What about that ntlm_auth - it will create from crypt nt and send it to mschap? Thanks in advance! David 2008/3/5 Alan DeKok <aland@deployingradius.com>:
David Hláčik wrote:
Hi, I have working configuration of PPTPD (Windows VPN) trought Radius to LDAP stored users. The think is ,that it accepts only plain text stored passwords in ldap becouse of very well known NT-Password for MSCHAPv2 ... Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=boss --challenge=09c34801a6bafab3 --nt-response=e9aa9365702850c20847566b84c4c729efbac9d014ff1301
Exec-Program output: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
That's an error from winbindd. Does ntlm_auth work from the command line?
http://deployingradius.com/documents/configuration/active_directory.html
If not, don't bother trying FreeRADIUS until ntlm_auth works from the command-line.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html