PEAP/EAP-MSCHAPv2 with OpenLDAP

Arran Cudbard-Bell a.cudbardb at freeradius.org
Thu Aug 3 22:13:14 CEST 2017


>> It seems that FreeRadius interprets value in my custom LDAP attribute as
>> plain text not hex number.
> 
>  So... you created a custom LDAP attribute / schema, and are surprised that FreeRADIUS doesn't magically figure out what you mean?

Can't you feel the love!

>> LDAP attribute is type "text".
>> 
>> Custom LDAP attribute contains text value E217DE3A51C1329B751A28B9792F42DB.
> 
>  Then pass that text value directly into the NT-Password attribute.  It *will* work.

Not quite, still needs the 0x prefix to be treated as a hex string.

>  If the hash you give above is 32 characters long, and FreeRADIUS expects a 32-character hash

*16 character.

I suppose we *could* add the auto-conversion heuristics to rlm_mschap.  Anyone want to take that on?  Copy paste code from rlm_pap?

-Arran

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170803/99ff20fd/attachment.sig>


More information about the Freeradius-Users mailing list