(RADIATOR) NT Hashed passwords, Samba and Radiator

[Mike McCauley]

Hello all,

we have recently issued a patch that permits Radiator to use NT Hashed 
passwords to authenticate PAP, MSCHAP, MSCHAPV2, EAP-MSCHAPV2 and EAP-LEAP. 
This means that Radiator is now compatible with Samba PDC passwords. Samba 
can keep such passwords in flat files or LDAP, and act as a Windows primary 
domain controller. Radiator can now be configured to use those same Samba 
passwords to authenticate dialup, wired and wireless (and other) access.

This means that in conjunction with Samba, Radiator can provide a complete 
single sign-on service for Unix and Windows clients, including wired and 
wireless access from Windows XP using PEAP etc.

The primary change is that Encrypted-Password can now be a 32 byte hex encoded 
NT hashed password, in precisely the same format Samba uses to store its user 
and computer passwords. Therefore all you have to do is configure AuthBy 
LDAP2 to extract the ntPassword attribute out of Samba's LDAP and use that as 
Encrypted-Password.

example:
pwtest14  Encrypted-Password = DCB8E94AC7D0AADC8A81D9C895ACE5F4

Feedback and issues to me please.
Cheers.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.