On Tue, Dec 30, 2014 at 1:09 PM, Fajar A. Nugraha <list@fajar.net> wrote:
On Tue, Dec 30, 2014 at 4:46 PM, sb <superabx@gmail.com> wrote:
Hello!
I'm trying to authenticate users from LDAP with FreeRadius by PAP protocol. Passwords are stored in LDAP in NT-hash. It's not my idea, I just have to do it.
When I do
radtest -t pap ....
I see from freeradius -X:
[pap] login attempt with password "n*******W" [pap] Using clear text password "1D******************************9B"
Did you assign the hash as cleartext-password?
No, in ldap.attrmap I have: checkItem NT-Password sambaNtPassword I've tried to add checkItem User-Password sambaNtPassword But it makes no difference. So now there is no User-Password and no Cleartext-Password in attributes.
[pap] Passwords don't match
If yes, no wonder it doesn't work
So the question is: how to force PAP to create NT-hash from the given password and compare hash and hash. but not the password and hash?
It should work out of the box: http://deployingradius.com/documents/protocols/compatibility.html
Thank you, I will try.
That is, assuming you correctly assign the hash as NT-Password, and not Cleartext-Password.
-- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html