mschap : NT-Password has not been normalized by the 'pap' module.
Mohamed Lrhazi
Mohamed.Lrhazi at georgetown.edu
Tue Mar 10 13:31:59 CET 2015
Thank you guys. Am looking at my options trying to migrate existing setup
from Juniper SBR... I found out that {MD4} header is a Juniper
requirement.... Their support sites states this in a KB article.
LDAP authentication method in SBR supports MS-CHAP-v2 only if the following
two conditions are met:
1. If BINDNAME method is used in ldapauth.aut
2. If the LDAP server can return clear-text password or MD4 hash of
Unicode form of password to SBR
*Note:* If the LDAP database stores user password in MD4 hash format,
{MD4} should
be prepended in front of the hashed password that is stored in LDAP
database. This is done in order to notify SBR that it is actually an MD4
hash password.
Where do I request support for this header? github ticket?
Thank you so much,
Mohamed.
On Tue, Mar 10, 2015 at 5:44 AM, Stefan Paetow <Stefan.Paetow at jisc.ac.uk>
wrote:
> > only for a plain text method - e.g. TTLS/PAP
>
> You could, if your OS does not support TTLS/PAP, try TTLS/EAP-GTC (Generic
> Token Card) instead (which should support PAP).
>
> Stefan Paetow
> Moonshot Industry & Research Liaison Coordinator
>
> t: +44 (0)1235 822 125
> gpg: 0x3FCE5142
> xmpp: stefanp at jabber.dev.ja.net
> skype: stefan.paetow.janet
> Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG
>
> jisc.ac.uk
>
> Jisc is a registered charity (number 1149740) and a company limited by
> guarantee which is registered in England under Company No. 5747339, VAT No.
> GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill,
> Bristol, BS2 0JA. T 0203 697 5800.
> Jisc Collections and Janet Ltd. is a wholly owned Jisc subsidiary and a
> company limited by guarantee which is registered in England under Company
> No. number 2881024, VAT No. GB 197 0632 86. The registered office is: Lumen
> House, Library Avenue, Harwell, Didcot, Oxfordshire, OX11 0SG. T 01235
> 822200.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list