PAP and NT-hashed password
sb
superabx at gmail.com
Tue Dec 30 13:18:02 CET 2014
On Tue, Dec 30, 2014 at 1:09 PM, Fajar A. Nugraha <list at fajar.net> wrote:
> On Tue, Dec 30, 2014 at 4:46 PM, sb <superabx at gmail.com> wrote:
> > Hello!
> >
> > I'm trying to authenticate users from LDAP with FreeRadius by PAP
> protocol.
> > Passwords are stored in LDAP in NT-hash. It's not my idea, I just have
> to do
> > it.
> >
> > When I do
> >
> > radtest -t pap ....
> >
> > I see from freeradius -X:
> >
> > [pap] login attempt with password "n*******W"
> > [pap] Using clear text password "1D******************************9B"
>
> Did you assign the hash as cleartext-password?
>
No, in ldap.attrmap I have:
checkItem NT-Password sambaNtPassword
I've tried to add
checkItem User-Password sambaNtPassword
But it makes no difference. So now there is no User-Password and no
Cleartext-Password in attributes.
>
> > [pap] Passwords don't match
>
> If yes, no wonder it doesn't work
>
> > So the question is: how to force PAP to create NT-hash from the given
> > password and compare hash and hash. but not the password and hash?
>
>
> It should work out of the box:
> http://deployingradius.com/documents/protocols/compatibility.html
>
>
Thank you, I will try.
> That is, assuming you correctly assign the hash as NT-Password, and
> not Cleartext-Password.
>
> --
> Fajar
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141230/397b6fc3/attachment.html>
More information about the Freeradius-Users
mailing list