PEAP w/ freeradius to LDAP storing ntPassword

schilling schilling2006 at gmail.com
Wed Oct 6 20:36:33 CEST 2010


There is smbencrypt radius-utils to generate LM Hash and NT Hash. Any
known good perl script to do this?
sding at palm:/usr/bin$ smbencrypt schilling
LM Hash                         	NT Hash
--------------------------------	--------------------------------
D134D8CD21607749DD4218F5E59DD23A	AF8AC3EF6579FC768515F960FB2096AC

Then which one is required?

Any format requirement in the ldap? Or just copy the 32 characters and
put them in the ldap?

Thanks.

Schilling

On Wed, Oct 6, 2010 at 2:19 PM, Alan DeKok <aland at deployingradius.com> wrote:
> schilling wrote:
>> We are trying to use ldap as backend database for dot1x peap
>> authentication thru freeradius.  The following link has good
>> explanation.
>>
>> http://vuksan.com/linux/dot1x/802-1x-LDAP.html
>
>  Note it's 5 years old...
>
>> But do we really need both ntpassword and lmpassword in the ldap directory?
>
>  No.
>
>> windows client sends username and ntpassword to NAS
>> NAS sends the username/ntpassword to radius in a tunnel
>> radius unwraps the tunnel, uses the username to fetch the ntpassword
>> from ldap, does a comparison of ldap returned ntpassword and unwrapped
>> ntpassword; if they are the same, authentication is accepted.
>
>  No.  It's a *lot* more complicated than that.
>
>  All you need to do is to uncomment "ldap" in
> raddb/sites-available/inner-tunnel, and it should work.
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>



