Colleen C. Morrissey wrote:
Hi,
Why? If you have the clear-text password on the server, you can just
compare the two. There's no need to configure rlm_pap to do the NT hash.
I don't have the clear text password. Your original reply said this
would work with clear text
Colleen C. Morrissey wrote:
I don't have the clear text password. Your original reply said this
would work with clear text password or nt hash. I have the NT hash
and/or I can get the SHA1 base 64 encoded password (which was working
with gtc by itself). Can I get pap/gtc to work with the
That worked. Thank you!
Alan DeKok wrote:
Colleen C. Morrissey wrote:
I don't have the clear text password. Your original reply said this
would work with clear text password or nt hash. I have the NT hash
and/or I can get the SHA1 base 64 encoded password (which was working
with gtc by
I spoke too soon. This works ok for a user/password in users file, but
not via LDAP. Via ldap mschap works but not gtc. Below is snippet of
output when it is failing. Any advice on how to fix would be appreciated:
[EMAIL PROTECTED] raddb]# more gtc_info
modcall: entering group authenticate
Colleen C. Morrissey wrote:
I spoke too soon. This works ok for a user/password in users file, but
not via LDAP. Via ldap mschap works but not gtc. Below is snippet of
output when it is failing. Any advice on how to fix would be appreciated:
[EMAIL PROTECTED] raddb]# more gtc_info
Hi,
Why? If you have the clear-text password on the server, you can just
compare the two. There's no need to configure rlm_pap to do the NT hash.
I don't have the clear text password. Your original reply said this
would work with clear text password or nt hash. I have the NT hash
Colleen C. Morrissey wrote:
My question is can I somehow support both simultaneously with the same
freeradius daemon (I know I can simply run a second daemon on different
port supporting the other but that will require me to do lots of work on
infrastructure/ssids to point to different
Thanks! I had ldap returning Password-with-Header for GTC deployment
and then added NT-Password for ms-chapv2. Commenting out the
password-with-header for userpassword in ldap.attrmap seems to allow
both to work. Which makes my life much easier :)
Alan Dekok wrote:
Colleen C. Morrissey
Hi,
I am running version 1.1.6 and have had a successful 802.1x/PEAP-GTC
deployment for 3+ years. With Vista it looks like I have to move to
802.1x/PEAP-MSCHAPv2 - can not find peap-gtc supplicant. I was able to
get 802.1x/PEAP-MSCHAPv2 working.
My question is can I somehow support both
9 matches
Mail list logo
