Kostas et al, I tried again and I'm not getting in either. Everyting looks right. freeRadius loads the password in the NT-Password attribute, and I re-write it to '0x'. It looks right but indicates that the failed challenge response. Can you see anything in here that doesn't look right?
Jason Howk [EMAIL PROTECTED] wrote:
rlm_attr_rewrite: Changed value for attribute NT-Password from
'{NT}8846F7EAEE8FB117AD06BDD830B7586C' to
'0x8846F7EAEE8FB117AD06BDD830B7586C'
You should remove the {NT} header, and nothing more All of the code
in the server which uses NT-Password will
No go. I put in some additional debug statements and recompiled
eap_leap and I'm seeing some interesting results. If I follow what is
described below, the output from the call to
eapleap_ntpwdhash()(eap_leap.c:198) is totally different if I revert
back to using the LDAP ntPassword attribute
Jason Howk [EMAIL PROTECTED] wrote:
No go. I put in some additional debug statements and recompiled
eap_leap and I'm seeing some interesting results. If I follow what is
described below, the output from the call to
eapleap_ntpwdhash()(eap_leap.c:198) is totally different if I revert
Maybe this will help:
In eap_leap.c:219 there's an if statement looking for the normal
password attribute. If that's not found according to the comments must
be an NT-Password. The value that's being assigned to the ntpwdhash is
coming from password-strvalue. I ran a test an in the normal
Hi,
I'm wondering if anyone has ever tried to put an NT hash password
directly into the LDAP userPassword field, and have it authenticated
through free radius.
Just one nosy question (I'm always trying to collect data on that issue):
Why are you using NT hash passwords instead of
Sure. The main reason why I am moving down this approach is two fold
-- one systematic, one more philosophical. First, in our particular
implementation we need to use (i.e are locked into using) EAP-LEAP.
LEAP supports two variants for the password, clear text and NT hashed
password. The
On Mon, 7 Feb 2005, Jason Howk wrote:
I'm wondering if anyone has ever tried to put an NT hash password directly
into the LDAP userPassword field, and have it authenticated through free
radius.
Here's the situation:
We have a working configuration that is setup as EAP-LEAP and LDAP where the
OK. I think I found my issue...
When mapping the NT-Password to the userPassword, freeRadius is not
reading beyond the first character of the attribute when it's a {.
Subsequently all that I see is, Adding userPassword as NT-Password,
value { op=21. To see if it was just this attribute or
On Tue, 8 Feb 2005, Jason Howk wrote:
OK. I think I found my issue...
When mapping the NT-Password to the userPassword, freeRadius is not reading
beyond the first character of the attribute when it's a {. Subsequently
all that I see is, Adding userPassword as NT-Password, value { op=21. To
On Tue, 8 Feb 2005, Kostas Kalevras wrote:
On Tue, 8 Feb 2005, Jason Howk wrote:
OK. I think I found my issue...
When mapping the NT-Password to the userPassword, freeRadius is not reading
beyond the first character of the attribute when it's a {. Subsequently
all that I see is, Adding
Thanks. I Appreciate it.
--Jason.
On Feb 8, 2005, at 2:10 PM, Kostas Kalevras wrote:
On Tue, 8 Feb 2005, Jason Howk wrote:
OK. I think I found my issue...
When mapping the NT-Password to the userPassword, freeRadius is not
reading beyond the first character of the attribute when it's a {.
Great, I'll give it a shot. Thanks a bunch.
--Jason.
On Feb 8, 2005, at 2:40 PM, Kostas Kalevras wrote:
On Tue, 8 Feb 2005, Kostas Kalevras wrote:
On Tue, 8 Feb 2005, Jason Howk wrote:
OK. I think I found my issue...
When mapping the NT-Password to the userPassword, freeRadius is not
reading
I'm not getting it to work. I did just an LDAP rebuild and I didn't see a change, so I did a full checkout and compile with no results there either. Am I missing something?
Thanks,
J.
Relevant parts of the radiusd.conf:
ldap {
...
password_header = {NT}
password_radius_attribute = NT-Password
On Tue, 8 Feb 2005, Jason Howk wrote:
I'm not getting it to work. I did just an LDAP rebuild and I didn't see a
change, so I did a full checkout and compile with no results there either.
Am I missing something?
Thanks,
J.
Relevant parts of the radiusd.conf:
ldap {
...
Kostas Kalevras [EMAIL PROTECTED] wrote:
...
On a related note, I've been talking with someone who's been working
on auto-discovery of passwords. This should minimize configuration.
e.g.
{nt}blah - NT-Password = blah
{crypt}blah - Crypt-Password = blah
...
I've updated rlm_pap
Removed the checkItem mapping, and re-ran but unfortunately no go. Also tried commenting out the password_header directive and then re-writing to a 0x. Unfortunately nothing there either... Here's the output:
rad_recv: Access-Request packet from host 10.160.111.240:21645, id=157, length=124
I'm wondering if anyone has ever tried to put an NT hash password
directly into the LDAP userPassword field, and have it authenticated
through free radius.
Here's the situation:
We have a working configuration that is setup as EAP-LEAP and LDAP
where the NT hash is stored in the ntPassword
18 matches
Mail list logo