LDAP/MSCHAP
Sven Hartge
sven at svenhartge.de
Fri Nov 11 01:18:25 CET 2011
"Sallee, Stephen (Jake)" <Jake.Sallee at umhb.edu> wrote:
> Please forgive the interjection, but does anyone know of a helper
> module like ntlm_auth that would work with LDAP, seems like such a
> tool would make questions like this a non-issue.

No, will not work. You can't transform the normally used hashes back
into a cleartext password. (This is kind of the whole point of a hash.)

As long as you don't have any means to provide FreeRADIUS with a cleartext
password or the NT/LM-Hash, you are doomed.

ntlm_auth just offloads the whole Challenge-Response exchange from the
RADIUS server to the ActiveDirectory (as far as I understand it) using
the ntlm_auth binary from Samba. Again: the AD will have to know the
cleartext password in some way (either encrypted or somehow
"pre-hashed") to make this work. (Don't know the specifics, I am a Unix
guy, the only Windows near me is on my gaming computer.)

Regards,
S°
--
Sigmentation fault. Core dumped.
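
The point made in the message above, as an added example that is not part of the original post or of FreeRADIUS: a salted LDAP `{SSHA}` value can be re-checked when PAP delivers the cleartext, but it cannot yield the unsalted NT hash (MD4 over the UTF-16LE password) that MS-CHAP needs. The directory entries are constructed sample data, the helper names are hypothetical, and `sambaNTPassword` (the Samba LDAP schema attribute) is assumed as the place an NT hash would be stored.

```python
import base64, hashlib, hmac, struct

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib often lacks it on OpenSSL 3."""
    rol = lambda v, s: ((v << s) | (v >> (32 - s))) & 0xFFFFFFFF
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64) + struct.pack("<Q", len(data) * 8)
    rounds = (  # (boolean function, additive constant, word order, shifts)
        (lambda b, c, d: (b & c) | (~b & d), 0, list(range(16)), (3, 7, 11, 19)),
        (lambda b, c, d: (b & c) | (b & d) | (c & d), 0x5A827999,
         [(i % 4) * 4 + i // 4 for i in range(16)], (3, 5, 9, 13)),
        (lambda b, c, d: b ^ c ^ d, 0x6ED9EBA1,
         [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
    )
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for f, const, order, shifts in rounds:
            for i, k in enumerate(order):
                a = rol((a + f(b, c, d) + x[k] + const) & 0xFFFFFFFF, shifts[i % 4])
                a, b, c, d = d, a, b, c  # rotate register roles for the next step
        h = [(u + v) & 0xFFFFFFFF for u, v in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> str:
    """NT hash as MS-CHAP uses it: MD4 over the UTF-16LE password, unsalted."""
    return md4(password.encode("utf-16-le")).hex()

def ssha(password: str, salt: bytes) -> str:
    """LDAP {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def pap_ok(cleartext: str, stored: str) -> bool:
    """PAP hands the server the cleartext, so the stored hash can be re-computed."""
    salt = base64.b64decode(stored[len("{SSHA}"):])[20:]
    return hmac.compare_digest(ssha(cleartext, salt), stored)

def mschap_possible(entry: dict) -> bool:
    """MS-CHAP needs the NT hash itself, or a cleartext to compute it from."""
    pw = entry.get("userPassword", "")
    return "sambaNTPassword" in entry or (bool(pw) and not pw.startswith("{"))

# Constructed directory entries (sample data, not from the original post).
ssha_only = {"uid": "alice", "userPassword": ssha("password", b"\x01\x02\x03\x04")}
with_nt = dict(ssha_only, sambaNTPassword=nt_hash("password").upper())
```

With only `ssha_only` in the directory, PAP can be verified but `mschap_possible` is false; the entry that also carries the NT hash supports both.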