MSCHAPV2 + OpenLDAP
Клеусов Владимир Сергеевич
Kleusov.Vladimir at wildberries.ru
Tue Aug 11 10:31:01 CEST 2020
Thanks.
I don't quite understand.
> 2. Store your NT-hashed passwords there
How do I do this?
> On Aug 10, 2020, at 20:10, Martin Pauly <pauly at hrz.uni-marburg.de> wrote:
>
> On 03.08.20 at 20:04, Клеусов Владимир Сергеевич via Freeradius-Users wrote:
>> cleartext is not suitable.
> sure, and not needed either.
>> Is there an instruction for enabling nthash in openldap?
> In principle, yes -- but be careful. The ancient NTLM Hash is pretty close to cleartext in 2020,
> so make sure nobody steals the hash.
>
> 1. Create an attribute containing NTLMHash in your OpenLDAP schema, named e.g. MyNTPassword
> 2. Store your NT-hashed passwords there
> 3. In mods-available/ldap, there's already a well-prepared config line for you in the update{} section
> starting with control:NT-Password. On the right-hand side of this assignment, adjust the LDAP
> attribute name e.g. to MyNTPassword and uncomment the line
>
> The result looks similar to:
>
> ldap {
>     [...]
>     update {
>         control:NT-Password := 'MyNTPassword'
>         [...]
>     }
>     [...]
> }
>
> FR will pull the NTLM Hash from LDAP and perform the server side of the MS-CHAP authentication itself,
> no Windows server needed.
>
> HTH, Martin
>
>
> --
> Dr. Martin Pauly Phone: +49-6421-28-23527
> HRZ Univ. Marburg Fax: +49-6421-28-26994
> Hans-Meerwein-Str. E-Mail: pauly at HRZ.Uni-Marburg.DE
> D-35032 Marburg
>