Yet Another PEAP-MSCHAPV2 problem

Michael Ströder michael at stroeder.com
Tue Sep 22 08:17:14 CEST 2015


Alex Moen wrote:
> Now I just have to figure out why I can't authenticate.  I know one of the
> differences between the "branches" of the directory tree, is that the
> incorrect one is using Crypt passwords, and the correct one is using SSHA
> passwords.  Seems that the SSHA passwords are not working while the Crypt
> passwords do.

Maybe you're misinterpreting your test results:

AFAIK MS-CHAPv2 works with NT password hash (LDAP attribute sambaNTPassword).
It cannot work with any hashed LDAP userPassword value.

Check first whether userPassword and sambaNTPassword are "in sync" (hashes
derived from the same clear-text password).

Ciao, Michael.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150922/bd8c0d32/attachment-0001.bin>


More information about the Freeradius-Users mailing list