sorry for spamming, i just want to understand
OpenLDAP knows the clear text password:
[ldap] userPassword -> Cleartext-Password == "test "
[ldap] userPassword -> NT-Password == 0x7465737420 => supposed to be the hash password
[ldap] looking for reply items in directory...
[ldap] user bernard authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
Is the inner tunnel part of the MSCHAPv2 is failing because
it doesn't kwow the way of dealing with the password supplied ?
Adding into ldap.attrmap the userPassword -> NT-Password is enough to produce a correct NT hash password?
[mschap] Invalid NT-Password
[mschap] Told to do MS-CHAPv2 for bernard with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "\nE=691 R=1"
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\nE=691 R=1"
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE