Using existing NTLM hashes
Maarten
freeradius-list at servervault.nl
Thu Sep 21 09:09:13 CEST 2017
Hi all,
I just set up a Freeradius server (3.0 on Ubuntu 16.04). I want to use an OpenLDAP server (that has a UserPassword field with an NTLM hash and a prefix that is "{ntlm}", so a password looks like "{NTLM}0CB6948805F797BF2A82807973B89537"). Now I would like Freeradius to strip the "{NTLM}" part, and then authenticate using that hash. Amongst server connection settings, I also added this to the ldap module configuration:
password_header = "{ntlm}"
#control:Password-With-Header += 'userPassword'
control:NT-Password := 'UserPassword'
I still get this when testing with an android device:
Thu Sep 21 08:59:02 2017 : WARNING: (7) mschap: NT-Password found but incorrect length, expected 16 bytes got 38 bytes. Authentication may fail
Thu Sep 21 08:59:02 2017 : WARNING: (7) mschap: No Cleartext-Password configured. Cannot create NT-Password
Thu Sep 21 08:59:02 2017 : WARNING: (7) mschap: No Cleartext-Password configured. Cannot create LM-Password
Thu Sep 21 08:59:02 2017 : Debug: (7) mschap: Creating challenge hash with username: MyUserName
Thu Sep 21 08:59:02 2017 : Debug: (7) mschap: Client is using MS-CHAPv2
Thu Sep 21 08:59:02 2017 : ERROR: (7) mschap: FAILED: No NT/LM-Password. Cannot perform authentication
Thu Sep 21 08:59:02 2017 : ERROR: (7) mschap: MS-CHAP2-Response is incorrect
Do you guys have any tips for me on how to resolve this? Sorry if I left out any valuable info.
Thanks,
Maarten
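Added example, not part of the original post and not FreeRADIUS code: a Python check that can be run against exported userPassword values to show why mschap reports 38 bytes (the 6-character "{NTLM}" header plus 32 hex digits in the sample value above) and what the 16 raw bytes it expects look like. The function names are hypothetical and the only input used is the sample value quoted in the post.

```python
import binascii

NT_HASH_LEN = 16  # bytes; the length the mschap warning says it expects


def split_header(value):
    """Return (header, body); header is '' when there is no {...} prefix."""
    if value.startswith("{") and "}" in value:
        end = value.index("}")
        return value[:end + 1], value[end + 1:]
    return "", value


def diagnose(value):
    """Summarise the stored value so its length can be compared with the log."""
    header, body = split_header(value.strip())
    return {"stored_len": len(value.strip()), "header": header, "hex_len": len(body)}


def nt_password_from_ldap(value, expected_header="{ntlm}"):
    """Strip the header (case-insensitively) and hex-decode to 16 raw bytes.

    Raises ValueError naming the reason, so a bad directory entry is
    reported instead of being passed on as a wrong-length NT-Password.
    """
    header, body = split_header(value.strip())
    if header and header.lower() != expected_header.lower():
        raise ValueError("unexpected header %r" % header)
    try:
        raw = binascii.unhexlify(body)
    except binascii.Error as exc:
        raise ValueError("value is not hex: %s" % exc)
    if len(raw) != NT_HASH_LEN:
        raise ValueError("decoded to %d bytes, need %d" % (len(raw), NT_HASH_LEN))
    return raw


# Sample value as quoted in the post above.
SAMPLE = "{NTLM}0CB6948805F797BF2A82807973B89537"

if __name__ == "__main__":
    print(diagnose(SAMPLE))
    print(nt_password_from_ldap(SAMPLE).hex())
```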