Hi Alan I confirmed the following questions. Passwords stored in LDAP were encrypted with NT hash password.
The LDAP server uses OpenLDAP.
Then the database needs to supply a Cleartext-Password to FreeRAIDUS.
Authentication of Wifi_AP and wired LAN does not use AD.
The attribute about the user is set to OpenLDAP.
OK.
How are the passwords stored in LDAP? Clear text? crypt? Some other method?
Only Clear text passwords and NT hashed passwords are compatible with MS-CHAPv2.
2019-07-31 0:15 GMT+09:00, Yuya Yanagi <peacefull64@gmail.com>:
Alan
OK.
How are the passwords stored in LDAP? Clear text? crypt? Some other method?
The content of the attribute that holds the LDAP password is encrypted. Apart from that, there is also an attribute that has an unencrypted password, but since it is dangerous if it is described in the log etc, encryption is used instead.
It is unclear whether this encrypted password is an NT hashed password, so I will check it.
2019-07-31 0:08 GMT+09:00, Alan DeKok <aland@deployingradius.com>:
On Jul 30, 2019, at 11:06 AM, Yuya Yanagi <peacefull64@gmail.com> wrote:
Thank you for your reply.
The LDAP server uses OpenLDAP.
Then the database needs to supply a Cleartext-Password to FreeRAIDUS.
Authentication of Wifi_AP and wired LAN does not use AD.
The attribute about the user is set to OpenLDAP.
OK.
How are the passwords stored in LDAP? Clear text? crypt? Some other method?
Only Clear text passwords and NT hashed passwords are compatible with MS-CHAPv2.
The migration source passes authentication with MS-CHAPv2, but Maybe you should choose MS-Chapv2?
They're the same thing.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html