mschap : NT-Password has not been normalized by the 'pap' module.

Mohamed Lrhazi Mohamed.Lrhazi at georgetown.edu
Tue Mar 10 15:54:00 CET 2015


This seems to work, as far as regex being valid format:

/^.MD4.(.*)$/

but my whole config is not quite right yet...

(8) ldap :      control:Password-With-Header += ''{MD4}6DDDAF<...>''
rlm_ldap (ldap): Released connection (4)
(8)   [ldap] = ok
(8)    if (&control:Password-With-Header =~ /^.MD4.(.*)$/)
(8)    if (&control:Password-With-Header =~ /^.MD4.(.*)$/)  -> TRUE
(8)   if (&control:Password-With-Header =~ /^.MD4.(.*)$/)  {
(8)    update control {
(8) EXPAND {nt}%{1}
(8)    --> {nt}6DDDAF<...>
(8)     Password-With-Header := '"{nt}6DDDAFA0E<...>"'
(8)    } # update control = noop
(8)   } # if (&control:Password-With-Header =~ /^.MD4.(.*)$/)  = noop
(8)    if ((ok || updated) && User-Password)
(8)    if ((ok || updated) && User-Password)  -> FALSE
(8)   [expiration] = noop
(8)   [logintime] = noop
(8) WARNING: pap : Auth-Type already set.  Not setting to PAP
(8)   [pap] = noop
(8)  } #  authorize = updated
(8) Found Auth-Type = EAP


What do I need to change this to:

ldap
            if (&control:Password-With-Header =~ /^.MD4.(.*)$/) {
                update control {
                    Password-With-Header := "{nt}%{1}"
                }
            }
            if ((ok || updated) && User-Password) {
                update {
                    control:Auth-Type := ldap
                }
            }




On Tue, Mar 10, 2015 at 10:43 AM, Mohamed Lrhazi <
Mohamed.Lrhazi at georgetown.edu> wrote:

> sorry... keyboard error :)
>
> So, the regex does not seem to compile:
>
> /etc/freeradius/sites-enabled/inner-tunnel[143]: Invalid regular
> expression ^{md4}(.*)$: Invalid preceding regular expression
>
> I tried this too, with same result:  /^\{md4\}(.*)$/
>
>
>
> On Tue, Mar 10, 2015 at 10:41 AM, Mohamed Lrhazi <
> Mohamed.Lrhazi at georgetown.edu> wrote:
>
>>
>> On Tue, Mar 10, 2015 at 10:26 AM, Arran Cudbard-Bell <
>> a.cudbardb at freeradius.org> wrote:
>>
>>> >> ldap            # gets Password-With-Header
>>> >> if (&control:Password-With-Header =~ /^{md4}(.*)$/) {
>>> >>        update control {
>>> >>                Password-With-Header := "{nt}%{1}"
>>> >>        }
>>> >> }
>>
>>
>>
>> That gave me this error:
>>
>>
>


More information about the Freeradius-Users mailing list