There is smbencrypt radius-utils to generate LM Hash and NT Hash, Any known good perl script to do this? sd...@palm:/usr/bin$ smbencrypt schilling LM Hash NT Hash -------------------------------- -------------------------------- D134D8CD21607749DD4218F5E59DD23A
AF8AC3EF6579FC768515F960FB2096AC Then which one is required? Any format requirement in the ldap? Or just copy the 32 character and put in the ldap? Thanks. Schilling On Wed, Oct 6, 2010 at 2:19 PM, Alan DeKok <[email protected]> wrote: > schilling wrote: >> We are trying to use ldap as backend database for dot1x peap >> authentication thru freeradius. The following link has good >> explanation. >> >> http://vuksan.com/linux/dot1x/802-1x-LDAP.html > > Note it's 5 years old... > >> But do we really need both ntpassword and lmpassword in the ldap directory? > > No. > >> windows client send username and ntpassword to NAS >> NAS send the username/ntpassword to radius in a tunnel >> radius unwrap the tunnel, using the username to fetch the ntpassword >> from ldap, do a comparison of ldap returned ntpassword and unwrapped >> ntpassword, if they are the same, authentication accept. > > No. It's a *lot* more complicated than that. > > All you need to do is to uncomment "ldap" in > raddb/sites-available/inner-tunnel, and it should work. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
