PAP/SSHA plus MS-CHAP on 2.17
Alan DeKok
aland at deployingradius.com
Thu Jan 14 07:48:57 CET 2010
Eric Swanson wrote:
> ...
> [ldap] Added User-Password = {SSHA}i9--censored--JI in check items
> [ldap] looking for check items in directory...
> rlm_ldap: sambaNtPassword -> NT-Password == 0x4338--censored--4531
> rlm_ldap: sambaLmPassword -> LM-Password == 0x4637--censored--4545
You have 3 versions of the "known good" password for the user. Which
one do you want to use?
> [pap] Using CRYPT encryption.
And the "pap" module isn't configured to use any of them.
> The part that seems strange to me is that the system clearly
> identifies the type of passwords we are using ("Normalizing
> SSHA1-Password from base64 encoding" seems proof enough of that), but
> a couple lines later PAP has decided to use CRYPT encryption for some
> reason. I can't imagine what I've done to make the system believe it
> should use CRYPT instead of SSHA.
Check the configuration of the PAP module.
Alan DeKok.
More information about the Freeradius-Users
mailing list