LDAP MSCHAP error
Larry Ross
lfross at ucdavis.edu
Mon Aug 24 20:25:00 CEST 2009
passwords that are effected do not contain 00
FYI
-----Original Message-----
From: freeradius-users-bounces+lfross=ucdavis.edu at lists.freeradius.org [mailto:freeradius-users-bounces+lfross=ucdavis.edu at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Monday, August 24, 2009 11:03 AM
To: FreeRadius users mailing list
Subject: Re: LDAP MSCHAP error
Larry Ross wrote:
> LOL, K. Just found it interesting that with so little data you were able to devine our schema. The problem here is our LDAP tree will not or cannot change (political reasons... Long story sucks for me, but as they say wish in one hand and poop in the other, get back to me when you figure out which on fills first...)
As I said... it's C programming 101. It's trivial for anyone who's
spent 10 minutes with C.
> So yeah I am stuck with Binary NT hash's to use for MSCHAP auth. The odd thing is it works for 95% of our users, it seems there is a character combo that causes the truncation.
Yes. "00". This is C 101.
> So I was thinking I would use a perl script (thank you rlm_perl, and PERL-LDAP modules) to perform the LDAP query and then convert the data to ASCII and insert the converted String Data into the NT-Password variable.
That might work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list