PAP and NT-hashed password
sb
superabx at gmail.com
Tue Dec 30 10:46:34 CET 2014
Hello!
I'm trying to authenticate users from LDAP with FreeRadius by PAP protocol.
Passwords are stored in LDAP in NT-hash. It's not my idea, I just have to
do it.
When I do
radtest -t pap ....
I see from freeradius -X:
[pap] login attempt with password "n*******W"
[pap] Using clear text password "1D******************************9B"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Login incorrect (rlm_pap: CLEAR TEXT password check failed):
[user/n***********W] (from client localhost port 0)
Using Post-Auth-Type Reject
So, FreeRadius compares my clear-text password with NT-hash taken from
LDAP. Of course they are mismatched and I got a reject. If I'm using this
hash as a password, it works.
At same time if I use mschap, it works well:
radtest -t mschap ...
+- entering group MS-CHAP {...}
[mschap] Found LM-Password
[mschap] Found NT-Password
[mschap] Told to do MS-CHAPv1 with NT-Password
[mschap] adding MS-CHAPv1 MPPE keys
++[mschap] returns ok
So the question is: how to force PAP to create NT-hash from the given
password and compare hash and hash. but not the password and hash?
Thank you!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141230/eaae2a9c/attachment.html>
More information about the Freeradius-Users
mailing list