LDAP Data Mangling
Alan DeKok
aland at deployingradius.com
Fri Sep 3 23:30:02 CEST 2010
Kevin Ehlers wrote:
> Is it possible to modify attributes returned from ldap? E.g. We're
> trying to do wpa-enterprise with peap-mschapv2. We store our nt hash
> passwords as "{nthash}<hash>" instead of "{nt}<hash>". It looks like
> the mschap module doesn't auto-detect the hash-type correctly, and says
> that it never received a valid password hash. All authentication fails
> at this point.
The PAP module is the one which does the password mangling.
> We store it as {nthash} because that's what our other radius servers
> (radiator) expect to see.
I can add the {nthash} format for 2.1.10. In the meantime, try
putting this into the "authorize" section, just before the "pap" module:
	if (control:User-Password =~ /^{nthash}(.*)/) {
		update control {
			User-Password := "{nt}%{1}"
		}
	}
Alan DeKok.