Oracle LDAP and password

Alan DeKok aland at
Wed Dec 5 15:37:46 CET 2007

Fabio Pedretti wrote:
> I am using FreeRADIUS 1.1.7 and I want to authenticate my users against
> an Oracle LDAP. TTLS-PAP works fine, but I also need PEAP-MSCHAPv2, so I
> have to be able to read NT-LM password. I noticed that the Oracle LDAP
> server stores password in this format:
> authpassword;orclcommonpwd: {X- ORCLLMV}708090a0b0c0d0e0f000102030405060
> authpassword;orclcommonpwd: {X- ORCLNTV}000102030405060708090a0b0c0d0e0f


> I verified that the the LM and NT hashes match those needed by
> FreeRADIUS but  hashes are after a special header ({X- ORCLLMV} or {X-
> ORCLNTV}) and all in the same attribute (authpassword;orclcommonpwd).
> Is it possible to configure FreeRADIUS to read the hashes in these format?

  You'll have to edit the source code to rlm_pap.  It should be
relatively easy.

  Alan DeKok.

More information about the Freeradius-Users mailing list