2010/10/6 schilling <[email protected]>

> There is smbencrypt radius-utils to generate LM Hash and NT Hash. Any
> known good Perl script to do this?

You can use Crypt::SmbHash (from CPAN).

> sd...@palm:/usr/bin$ smbencrypt schilling
> LM Hash                          NT Hash
> -------------------------------- --------------------------------
> D134D8CD21607749DD4218F5E59DD23A AF8AC3EF6579FC768515F960FB2096AC
>
> Then which one is required?

NT Hash is required.

> Any format requirement in the ldap? Or just copy the 32 characters and
> put in the ldap?

Just put the NT Hash in the sambaNTPassword field in LDAP.

> Thanks.
>
> Schilling
>
> On Wed, Oct 6, 2010 at 2:19 PM, Alan DeKok <[email protected]> wrote:
> > schilling wrote:
> >> We are trying to use ldap as backend database for dot1x peap
> >> authentication thru freeradius. The following link has good
> >> explanation.
> >>
> >> http://vuksan.com/linux/dot1x/802-1x-LDAP.html
> >
> >  Note it's 5 years old...
> >
> >> But do we really need both ntpassword and lmpassword in the ldap directory?
> >
> >  No.
> >
> >> Windows client sends username and ntpassword to NAS
> >> NAS sends the username/ntpassword to radius in a tunnel
> >> radius unwraps the tunnel, using the username to fetch the ntpassword
> >> from ldap, does a comparison of ldap returned ntpassword and unwrapped
> >> ntpassword, if they are the same, authentication accept.
> >
> >  No.  It's a *lot* more complicated than that.
> >
> >  All you need to do is to uncomment "ldap" in
> > raddb/sites-available/inner-tunnel, and it should work.
> >
> >  Alan DeKok.
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
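
The two answers above (use Crypt::SmbHash, store the NT hash in sambaNTPassword) combined into one Perl script, as an added example that is not part of the original thread. The entry DN passed on the command line is a placeholder, the DN is assumed to be plain ASCII, and the self-check value is the widely published NT hash of the string "password".

```perl
#!/usr/bin/perl
# Added example (not from the thread): compute an NT hash with Crypt::SmbHash
# and print an LDIF change record that sets sambaNTPassword.
use strict;
use warnings;
use Crypt::SmbHash qw(nthash);

# Hypothetical entry DN supplied by the operator; assumed to be plain ASCII.
my $dn = shift @ARGV
    or die "usage: $0 'uid=USER,ou=people,dc=example,dc=org'\n";
$dn =~ /\A[\x20-\x7e]+\z/ or die "DN must be printable ASCII for plain LDIF\n";

# Self-check against the well-known NT hash of "password", so a broken
# module install is caught before anything is written to the directory.
my $known = '8846F7EAEE8FB117AD06BDD830B7586C';
uc(nthash('password')) eq $known
    or die "Crypt::SmbHash self-check failed\n";

# Read the password from stdin instead of argv, so it does not end up in
# the process list or shell history (unlike "smbencrypt <password>").
my $tty = -t STDIN;
print STDERR "Password: ";
system('stty', '-echo') if $tty;
my $password = <STDIN>;
system('stty', 'echo') if $tty;
print STDERR "\n";
defined $password or die "no password given\n";
chomp $password;
length $password or die "empty password refused\n";

# The attribute value is exactly 32 hex characters, no prefix or scheme tag.
my $nt = uc(nthash($password));
$nt =~ /\A[0-9A-F]{32}\z/ or die "unexpected hash format\n";

# LDIF modify record for the user's entry; pipe it into ldapmodify.
print "dn: $dn\n",
      "changetype: modify\n",
      "replace: sambaNTPassword\n",
      "sambaNTPassword: $nt\n";
```

The NT hash is an unsalted MD4 of the UTF-16LE password and works as a password equivalent for MS-CHAPv2, so the sambaNTPassword attribute should be readable only by the account FreeRADIUS binds with.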

