Colleen C. Morrissey wrote: > Hi, > > > >> Why? If you have the clear-text password on the server, you can just >> compare the two. There's no need to configure rlm_pap to do the NT hash. >> >> > > I don't have the clear text password. Your original reply said this > would work with clear text password or nt hash. I have the NT hash > and/or I can get the SHA1 base 64 encoded password (which was working > with gtc by itself). Can I get pap/gtc to work with the NT hash password? > I don't manage the ldap service so getting the clear text password will > not be easy and may not be possible organizationally. Thanks. > > > I know SHA1 will definitely work, as will NT but you will have to use the PAP module. The nt hash should be written into the check item NT-Password, I think sha is SHA-Password.
If your using LDAP just enable auto header and it'll figure it out for you :) , if you do use NT password be sure the FreeRADIUS <-> LDAP nt hash password attribute mapping is correct. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html