Kevin Ehlers wrote: > Is it possible to modify attributes returned from ldap? E.g. We're > trying to do wpa-enterprise with peap-mschapv2. We store our nt hash > passwords as "{nthash}<hash>" instead of "{nt}<hash>". It looks like > the mschap module doesn't auto-detect the hash-type correctly, and says > that it never received a valid password hash. All authentication fails > at this point.
The PAP module is the one which does the password mangling. > We store it as {nthash} because that's what our other radius servers > (radiator) expect to see. I can add the {nthash} format for 2.1.10. In the mean time, try putting this into the "authorize" section, just before the "pap" module: if (control:User-Password =~ /^{nthash}(.*)/) { update control { User-Password := "{nt}%{1}" } } Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html