LDAP & MSCHAP errors
tnt at kalik.net
tnt at kalik.net
Wed Nov 12 13:43:51 CET 2008
>>>pap against LDAP works fine
>>>chap against LDAP works fine (With ntradping)
>>
>>They used different password.
>
>Do you mean chap and MSCHAPv2 require passwords in different formats or
>something?
No. There is a clear text password stored somewhere.
>I can auth CHAP, but with the same username and password can't auth
>CHAPv2
>(with no config change on freeradius)
>My two debugs show that
>Debug: rlm_ldap: sambaNtPassword -> NT-Password ==
>0x4145394341303636374123413937333342303139423034323445363933373332
>So the NT-Password is being retrieved from LDAP in both cases.
>
Yes. But chap wasn't using it.
>>A coorect password.
>
>Do you think the has being retrieved from LDAP is wrong then?
Yes.
>If I do put in an incorrect password I do get the same error message.
>
No surprise.
>>*****
>>>Tue Nov 11 10:10:26 2008 : Info: [chap] Using clear text password
>>>"ommitted" for user testuser authentication.
>>*****
>>
>>>Where did that come from?
>
>I don't know - inside tha chap module?
No.
>It's retrieved from LDAP.
Not that I can see. Post the whole debug and I will tell you where is
clear text password possibly stored.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list