[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-software
Subject:    Re: MsChap v2 passwords and Openldap
From:       Adam Tauno Williams <adam () morrison-ind ! com>
Date:       2005-01-31 13:58:00
Message-ID: 1107179880.5915.6.camel () laptop01 ! whitemice ! org
[Download RAW message or body]

> I have the following situation:
> - one 3030 VPN Concentrator
> - AAA Radius Server (Radiator) that uses the accounts stored in one
> OpenLdap Server (the passwords are stored in crypt format)
> The problem is: the PPTP authentication with mschapv2 doesn't work.

Yep,  computing an M$-CHAPv2 hash requires a clear-text password,  so
either change the slapd.conf to use {CLEAR} as the userpassword encoding
or do CHAPv2 via WindBind/Samba which keeps an NT hash around which will
work also.  I'm entirely certain you cannot do M$-CHAPv2 from a
traditional crypt.

> Anyone can help me?

The only role OpenLDAP plays here is how it crypts the password and to
make sure that mechanism is compatible with generating a CHAP hash.
[prev in list] [next in list] [prev in thread] [next in thread]