[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: MsChap v2 passwords and Openldap



> I have the following situation:
> - one 3030 VPN Concentrator
> - AAA Radius Server (Radiator) that uses the accounts stored in one
> OpenLdap Server (the passwords are stored in crypt format)
> The problem is: the PPTP authentication with mschapv2 doesn't work.

Yep,  computing an M$-CHAPv2 hash requires a clear-text password,  so
either change the slapd.conf to use {CLEAR} as the userpassword encoding
or do CHAPv2 via WindBind/Samba which keeps an NT hash around which will
work also.  I'm entirely certain you cannot do M$-CHAPv2 from a
traditional crypt.

> Anyone can help me?

The only role OpenLDAP plays here is how it crypts the password and to
make sure that mechanism is compatible with generating a CHAP hash.