PAP and NT-hashed password
Alan DeKok
aland at deployingradius.com
Tue Dec 30 16:00:53 CET 2014
On Dec 30, 2014, at 8:50 AM, sb <superabx at gmail.com> wrote:
> freeradius: FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Feb 24 2014 at 15:16:50
>
> Rather old one, but it is not a new system, I just have to add this feature. It the upgrade is needed, it's ok, but it will take some time to stop the production.
You shouldn’t need to upgrade.
> Full output of freeradius -X after command
>
> [local] performing search in dc=ourcorp,dc=net, with filter (uid=abx)
> [local] checking if remote access for abx is allowed by dialupAccess
> [local] Added User-Password = 1D*************************************9B in check items
And… that’s the issue. You’ve configured it to get the User-Password from LDAP.
> [local] No default NMAS login sequence
> [local] looking for check items in directory...
> [local] sambaNtPassword -> NT-Password == 0x31***********************************************************************42
That means it’s not using the NT-Password.
> Found Auth-Type = PAP
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!! Replacing User-Password in config items with Cleartext-Password. !!!
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> !!! Please update your configuration so that the "known good" !!!
> !!! clear text password is in Cleartext-Password, and not in User-Password. !!!
> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
It helps to READ these messages and fix the problem. If you had done that, it would have worked.
Alan DeKok.
More information about the Freeradius-Users
mailing list