LOL, K. Just found it interesting that with so little data you were able to devine our schema. The problem here is our LDAP tree will not or cannot change (political reasons... Long story sucks for me, but as they say wish in one hand and poop in the other, get back to me when you figure out which on fills first...)
So yeah I am stuck with Binary NT hash's to use for MSCHAP auth. The odd thing is it works for 95% of our users, it seems there is a character combo that causes the truncation. So I was thinking I would use a perl script (thank you rlm_perl, and PERL-LDAP modules) to perform the LDAP query and then convert the data to ASCII and insert the converted String Data into the NT-Password variable. With that strategy in mind I have a couple questions. 1: Sanity check. Before I begin down this path, does this sound plausible? 2: Suggestions or samples would be greatly appreciated. Thank you Larry -----Original Message----- From: freeradius-users-bounces+lfross=ucdavis....@lists.freeradius.org [mailto:freeradius-users-bounces+lfross=ucdavis....@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Friday, August 21, 2009 11:35 PM To: FreeRadius users mailing list Subject: Re: LDAP MSCHAP error Larry Ross wrote: > Hmm interesting, how were you able to divine that that is how we are storing > the has values... C programming 101. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
