[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: MsChap v2 passwords and Openldap

To: Nuno Rodrigues <ngrodrigues@gmail.com>
Subject: Re: MsChap v2 passwords and Openldap
From: Adam Tauno Williams <adam@morrison-ind.com>
Date: Mon, 31 Jan 2005 08:58:00 -0500
Cc: openldap-software@OpenLDAP.org
In-reply-to: <c46cbc72050130163629eb9ab0@mail.gmail.com>
Organization: Morrison Industries
References: <c46cbc72050130163629eb9ab0@mail.gmail.com>

> I have the following situation:
> - one 3030 VPN Concentrator
> - AAA Radius Server (Radiator) that uses the accounts stored in one
> OpenLdap Server (the passwords are stored in crypt format)
> The problem is: the PPTP authentication with mschapv2 doesn't work.

Yep,  computing an M$-CHAPv2 hash requires a clear-text password,  so
either change the slapd.conf to use {CLEAR} as the userpassword encoding
or do CHAPv2 via WindBind/Samba which keeps an NT hash around which will
work also.  I'm entirely certain you cannot do M$-CHAPv2 from a
traditional crypt.

> Anyone can help me?

The only role OpenLDAP plays here is how it crypts the password and to
make sure that mechanism is compatible with generating a CHAP hash.

References:
- MsChap v2 passwords and Openldap
  - From: Nuno Rodrigues <ngrodrigues@gmail.com>

Prev by Date: Re: ACI's and 'by users read'
Next by Date: installing overlays?
Index(es):
- Chronological
- Thread