"Dan Russell" <dan@in-house.com.au> wrote:
Is there a way in which I can have encrypted passwords in the mysql database and use MSCHAPv2 to authenticate users?
If they're NT hashed, yes. Otherwise, no.
If I used a third party tool like mkntpwd to create NT Hashes, could I put premade hashes in the database and use them to authenticate
Yes.
Is there any specific config change I would need to make to enable this?
or would rlm_mschap encrypt the password attribute anyway?
I have no idea what that means.
How does freeradius identify that the password has already been NT hashed? What stops it from encrypting whatever it finds in the radcheck table for the password? Do I set it as User-Password or Encrypted-Password instead of Password?
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks in advance, Dan Russell
"Dan Russell" <dan@in-house.com.au> wrote:
If I used a third party tool like mkntpwd to create NT Hashes, could I put premade hashes in the database and use them to authenticate ... Is there any specific config change I would need to make to enable this?
No. It should work in the default config.
How does freeradius identify that the password has already been NT hashed?
Because you put it into the NT-Password attribute, instead of the User-Password attribute.
What stops it from encrypting whatever it finds in the radcheck table for the password?
I have no idea what question you're asking. So far as I can tell, the answer is "it doesn't work that way". Alan DeKok.
participants (2)
-
Alan DeKok -
Dan Russell