On Dec 20, 2018, at 6:18 PM, Anton Kiryushkin <swood@fotofor.biz> wrote:
You're right. My fault. Please see log below:
Thanks.
... (9) sql-wifi: Conditional check items matched, merging assignment check items (9) sql-wifi: NT-Password := 0x6336623331333036323736373866653636626166393538616561356566363138
Again... that's all ASCII data. You've taken the hex form of the string: c6b3130627678fe66baf958aea5ef618 And instead of just putting this into SQL: NT-Password := 0xc6b3130627678fe66baf958aea5ef618 You've converted the ASCII representation to hex again... and then set that as the NT password. Don't do that.
... (9) eap_mschapv2: Auth-Type MS-CHAP { (9) mschap: WARNING: NT-Password found but incorrect length, expected 16 bytes got 12 bytes. Authentication may fail
And the NT password is mangled, as noted above. Why are you converting the hex string to ASCII *twice*? Just take the output of smbencrypt, put a "0x" in front of it, and set it as NT-Password in the database: Again: $ smbencrypt hello LM Hash NT Hash -------------------------------- -------------------------------- FDA95FBECA288D44AAD3B435B51404EE 066DDFD4EF0E9CD7C256FE77191EF43C And then: NT-Password := 0x066DDFD4EF0E9CD7C256FE77191EF43C You *don't* have to hex-encode the hex output of smbencrypt. Alan DeKok.