freeradius3 + openldap + mschapv2

Arran Cudbard-Bell a.cudbardb at
Wed May 28 17:15:34 CEST 2014

On 28 May 2014, at 13:10, Olivier Beytrison <olivier at> wrote:

> On 28.05.2014 12:05, futhwo wrote:
>> Anyway, just for personal culture, why wasn't it necessary in v 2 and is
>> in v 3? I do not have pap instantiated in authorize in my working v2
> I'll let Alan or Arran answer that one.

It's odd, and i'm not quite sure what's happening with that one, it should 
just work without normalisation.

I've done some fairly major tweaking of the code to ensure that if ntPassword
is a binary attribute in LDAP, it's contents will not be molested on the way
to the buffer in the NT-Password octets attribute.

If it doesn't work, i'd still like to get this fixed as it's stupid to have 
to call the pap module just to convert the NT-Password from a hex string to
it's binary form.

Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list