LDAP Data Mangling

Kevin Ehlers kevin at uoregon.edu
Fri Sep 3 17:35:33 CEST 2010


Is it possible to modify attributes returned from ldap?  E.g. We're
trying to do wpa-enterprise with peap-mschapv2.  We store our nt hash
passwords as "{nthash}<hash>" instead of "{nt}<hash>".  It looks like
the mschap module doesn't auto-detect the hash-type correctly, and says
that it never received a valid password hash.  All authentication fails
at this point.

We store it as {nthash} because that's what our other radius servers
(radiator) expect to see.

I searched the archives, but was unable to find anything about that.


Kevin Ehlers
Network Engineer
University of Oregon

More information about the Freeradius-Users mailing list