[RADIATOR] PEAP/MSCHAPv2 auth fails with username at realm
hvn at open.com.au
Sun Nov 4 03:59:14 CST 2012
On 11/02/2012 11:23 PM, Christopher Bongaarts wrote:
>> or see goodies/addnthashprefix.txt
> Thanks, this did the trick.
>> That's surprising. I do not think it should work with EncryptedPassword.
> For plain MSCHAPv2, AuthLDAP2 calls AuthGeneric::check_password and sets
> the "encrypted" parameter if EncryptedPasswordAttr is in use. Then
> check_password's MSCHAPv2 code knows that it's an NT password hash and
> everything works.
Ok, good to see it's not surprising after all. The password (MSCHAP-V2)
checks are done differently for the two cases. Thanks for clarifying
this. Next time I'll need to check the code too :)
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
More information about the radiator