Hello, we would like to activate PEAP authentication with openLDAP. According to radiusd.conf #Note that NT-Passwords MUST be stored as a 32-digit hex # string, and MUST start off with "0x", such as: # # 0x000102030405060708090a0b0c0d0e0f # # Without the leading "0x", NT-Passwords will not work. # This goes for NT-Passwords stored in SQL, too. The problem is that samba itself and othe management tools like webmin store the NT and the LM password as 32.digit hex string but without the 0x. I tried to add the 0x but the logon to main domain does not work with this added. Is there a good reason why freeradius needs a differen tformat then samba ? Thanks Andreas
Andreas Moroder wrote:
According to radiusd.conf
#Note that NT-Passwords MUST be stored as a 32-digit hex # string, and MUST start off with "0x", such as:
In 1.1.7, that's no longer necessary. The "pap" module will take care of fixing any issues with NT-Password. But it *must* be listed last in the "authorize" section, as shown in the default radiusd.conf.
The problem is that samba itself and othe management tools like webmin store the NT and the LM password as 32.digit hex string but without the 0x. I tried to add the 0x but the logon to main domain does not work with this added.
Don't add the 0x. It will work. Alan DeKok.
Alan DeKok schrieb:
Andreas Moroder wrote:
According to radiusd.conf
#Note that NT-Passwords MUST be stored as a 32-digit hex # string, and MUST start off with "0x", such as:
In 1.1.7, that's no longer necessary. The "pap" module will take care of fixing any issues with NT-Password. But it *must* be listed last in the "authorize" section, as shown in the default radiusd.conf.
If this is true the comments/documentaiton in radiusd.conf should be changed Bye Andreas
participants (2)
-
Alan DeKok -
Andreas Moroder