Yet Another PEAP-MSCHAPV2 problem
Alex Moen
alexm at ndtel.com
Tue Sep 22 14:54:28 CEST 2015
On 09/21/2015 05:49 PM, Matthew Newton wrote:
>> So, I have switched (in the /etc/raddb/mods-available/ldap file) from:
>> control:Password-With-Header += 'userPassword'
>> to:
>> control:Password-With-Header += 'sambaNTPassword'
>
> Password-With-Header expects a {...} header at the start (see the
> man page for rlm_pap). So you can either use unlang to add the
> header on, or just update NT-Password instead, as in the ldap
> config.
>
> So in mods-enabled/ldap update {}, comment out
> control:Password-With-Header += 'userPassword', then
> uncomment
>
> # control:NT-Password := 'ntPassword'
>
> and set it to
>
> control:NT-Password := 'sambaNTPassword'
>
This fixed it. Thanks so much for the help Matthew! I would not have
figured this out on my own!
Hopefully this can help someone else!
I've been working with radius and LDAP for years now. Not these
versions, of course, which are so much more refined and versatile. But,
these services are such that once you get them up and running, you
rarely have to touch them again. Like, in years. Unless you're trying
to do something new, which is when you are exposed to the new and
improved versions. Since they are so robust and well-made, you have to
relearn everything. It's quite a testament to the developers of these
software packages, and I don't think they get enough credit or thanks.
So, a huge THANK YOU to the developers for putting so much time and
effort into this for us!!!
Alex
More information about the Freeradius-Users
mailing list