hi,
Well, our aim is to store the ntpassword field in...
a win2k Active Directory ... it is an ldap server, isn't it?
I've checked plain auth against AD, and it runs ok ;)
But I'll have to extend its schema in order to use ntpassword,
and it'll take some time (and headaches ?).

You don't have to do too much in order to use ntpassword:
extend your ldap schema to allow it (samba schema), and
just configure freeradius to use your ldap: from logs, I've seen
that freeradius detects the ntpassword field while doing the
ldap authorization, and retrieves it, so it's available when doing
eap mschap2 authentication.
At least, it works...
bye

>From: Martin Pauly <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: PEAP + LDAP with crypted PWs?
>
>>> crypted passwords... so what I'm planning to do is a middle step:
>>> people will have to authenticate via web the first time, in order to check
>>> the password. Then, if it's correct the password will be hashed in the air
>>> to NT format. This value will be stored in LDAP in the ntpassword (samba
>hm, we do this already, except the NT-hashed password is not kept on the UN*X
>side but immediately passed on to our windows servers. So this _might_ be
>a way to authenticate our local users. In the long run, we want to make this part
>of DFNRoaming, a yet-to-build-network of German university RADIUS servers
>proxying each other ==> use one Account to log on to almost any German
>university network. This would _probably_ require the password itself.
>
>
>>> I've tested it, and freeRadius correctly retrieves the LDAP ntpassword while
>>> authorizing, and authenticate with it PEAP+MSCHAPv2 ok against an XP
>>> client...
>
>
>How do you configure this, i.e. how do you make FreeRadius retrieve the NT-hashed
>password first?
>
>Cheers, Martin



- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
