NTLM in MSCHAP

Ivan Kalik tnt at kalik.net
Tue Mar 25 12:57:02 CET 2008


http://deployingradius.com/documents/protocols/compatibility.html

Have a look at the mschap row and you will see what can and what can't
work.

Ivan Kalik
Kalik Informatika ISP


On 25/3/2008, "David Hláčik" <david at hlacik.eu> wrote:

>Hi, I've got back to the problem:
>as I mentioned, I have plain-text stored passwords (attribute UserPassword) in
>LDAP, and I want to change them to crypt or MD5. MSCHAP needs NT-Password;
>which is the best way to solve it? I do not want to store the NT-Password value
>in LDAP, or is there no other choice? What about that ntlm_auth - will it
>create NT from crypt and send it to MSCHAP?
>
>Thanks in advance!
>
>David
>
>2008/3/5 Alan DeKok <aland at deployingradius.com>:
>
>> David Hláčik wrote:
>> > Hi, I have a working configuration of PPTPD (Windows VPN) through RADIUS
>> > to LDAP-stored users. The thing is that it accepts only plain-text
>> > stored passwords in LDAP because of the very well known NT-Password for
>> > MSCHAPv2
>> ...
>> > Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=boss
>> > --challenge=09c34801a6bafab3
>> > --nt-response=e9aa9365702850c20847566b84c4c729efbac9d014ff1301
>> >
>> > Exec-Program output: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
>>
>>  That's an error from winbindd.  Does ntlm_auth work from the command
>> line?
>>
>> http://deployingradius.com/documents/configuration/active_directory.html
>>
>>  If not, don't bother trying FreeRADIUS until ntlm_auth works from the
>> command-line.
>>
>>  Alan DeKok.
>>
>



