Alan DeKok wrote:
  The *client* has to supply the MS-CHAP magic using the LAN-manager
password.  Since the client always chooses NT-hashed passwords... using
LAN manager passwords is not possible.

From the README in src/modules/rlm_mschap

*****
The method just described is called NT-encryption by the RFC.  MS-CHAP is
actually designed for compatibility with Microsoft LAN Manager as well.
The response returned by the client actually contains an LM encrypted
response as well as the NT-encrypted password.  This implementation only
uses the NT-encrypted response, which seems to work fine for Windows 98
and Windows 2000.
*****

So it seems more a limit of the server.

Could it be possible to see in the debug if the two encrypted pwd are available? If they're there it could be possible to write a patch and, possibly, to attach directly to the AD (which seems to make that LM pwd available).
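One way to check whether both responses are present, as an added example that is not part of the original message or of FreeRADIUS: a decoder for the MS-CHAP-Response attribute value using the RFC 2548 layout (Ident, Flags, 24-octet LM-Response, 24-octet NT-Response). It assumes the value is available as a hex string; the sample values are constructed and all names are hypothetical.

```python
"""Decode the value of a RADIUS MS-CHAP-Response attribute (RFC 2548, 2.1.3)."""
from dataclasses import dataclass

LM_LEN = NT_LEN = 24  # each response field is 24 octets


@dataclass
class MSCHAPResponse:
    ident: int
    flags: int
    lm_response: bytes
    nt_response: bytes

    @property
    def lm_present(self) -> bool:
        # RFC 2433 says a client not sending an LM response zero-fills the field.
        return any(self.lm_response)

    @property
    def nt_preferred(self) -> bool:
        # Flags == 1: NT-Response is to be used in preference to LM-Response.
        # Flags == 0: NT-Response is ignored and LM-Response is used.
        return self.flags == 1


def parse_mschap_response(hex_value: str) -> MSCHAPResponse:
    """Parse the attribute value given in hex, with or without a 0x prefix."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) != 2 + LM_LEN + NT_LEN:
        raise ValueError(f"expected 50 octets, got {len(raw)}")
    return MSCHAPResponse(raw[0], raw[1], raw[2:2 + LM_LEN], raw[2 + LM_LEN:])


# Constructed sample values (not captured from a real exchange).
SAMPLE_NT_ONLY = "0x0101" + "00" * 24 + "ab" * 24
SAMPLE_BOTH = "0x0201" + "cd" * 24 + "ab" * 24

if __name__ == "__main__":
    for name, value in (("NT only", SAMPLE_NT_ONLY), ("LM and NT", SAMPLE_BOTH)):
        r = parse_mschap_response(value)
        print(f"{name}: ident={r.ident} flags={r.flags} "
              f"lm_present={r.lm_present} nt_preferred={r.nt_preferred}")
```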

