PAP and NT-hashed password

Alan DeKok aland at
Wed Dec 31 14:34:10 CET 2014

On Dec 30, 2014, at 10:58 AM, sb <superabx at> wrote:
> Thank you, Alan! I will try to upgrade to 2.2.6.

  That’s really the best solution.

> Actually we have no userPassword field in LDAP, the string 

  The debug output shows you do.  FreeRADIUS doesn’t *invent* a password.

> Possible I have to add {nt} prefix before the password?
> "checkItem    User-Password            {nt}sambaNtPassword" - that won't work?

  No.  The “userPassword” field in LDAP can contain passwords in many formats.  In order to tell them apart, the contents of “userPassword” have a prefix added.  The prefix says what format is used by the rest of the userPassword field.  For NT passwords, it’s {nt}.

  Alan DeKok.

More information about the Freeradius-Users mailing list