Thanks Matt Sapp,

I hadn't seen this before, and it solved my latest problem. Apparently the 0x prefix lets the appropriate rlm know that the value is already a hash, not to recalculate. I tried the following three simplified examples to demonstrate that what you said is true....

#raddb/users
#This did not work
testy   NT-Password := "foobar", Auth-Type := eap
        Service-Type = Login-User,
        Fall-Through = No

#This did not work
testy   NT-Password := "BAAC3929FABC9E6DCD32421BA94A84D4", Auth-Type := eap
        Service-Type = Login-User,
        Fall-Through = No

#This DID work
testy   NT-Password := "0xBAAC3929FABC9E6DCD32421BA94A84D4", Auth-Type := eap
        Service-Type = Login-User,
        Fall-Through = No


#radiusd.conf
authorize {
        preprocess
        detail
        files
}
authenticate {
        Auth-Type ldap {
                ldap1
                eap
        }
        eap
}

freeradius-1.0.0
Red Hat Enterprise Linux AS release 3 (Taroon Update 2)
openssl-0.9.7a-33.4.i686.rpm
openldap-2.2.13 (on localhost)

Coates Carter
University of Richmond

> I'm currently storing NT-Password hashes in a MySQL database, and they
> had to be in the format of "0xblahblahblah". Authentication wouldn't
> work until I started storing them prefixed with the "0x". I'm not sure
> if they'd need to be in the same format in LDAP, but you might give that
> a try.

-Matt
MNU Internet System Administrator
MNU Network Security Administrator
