I doubt it will be possible to remove that. Is it possible to authenticate to this ldap database in another way? I thought I had read of a way to bind to the ldap server as the user we are trying to authenticate, but I can not find any good info on this.
Thanks again for your help. JPG > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:freeradius-users- > [EMAIL PROTECTED] On Behalf Of Phil > Mayers > Sent: Wednesday, January 25, 2006 11:45 AM > To: FreeRadius users mailing list > Subject: Re: Yet another PEAP/LDAP Question > > Jon P. Giza wrote: > > Phil: > > > > I have made the suggested changes, and new debug's below: > > > > rlm_ldap: looking for check items in directory... > > rlm_ldap: Adding userPassword as NT-Password, value ( & op=21 > > rlm_ldap: looking for reply items in directory... > > ... > > modcall: entering group MS-CHAP for request 5 > > rlm_mschap: No User-Password configured. Cannot create LM-Password. > > rlm_mschap: Invalid NT-Password > > The bit of code that generates this error checks for a length of 16 > bytes (the actual bytes) or 32 (un-prefixed hex-encoded, in which case > it decodes it). Therefore the userPassword attribute must be something > other than the form: > > 0123456789abcdef0123456789abcdef > > Your original debug log showed: > > rlm_ldap: Added password (6BDC5527858B28XXXXXXXXXEFAF2323F) in check items > > ...and from the looks of the rlm_ldap code those brackets '()' are part > of the data in the LDAP server, not part of the message print out > function. > > Quite why you'd wrap an ntPassword in round brackets I don't know, but > you'll need to remove them somehow. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html