I'm working on getting wireless network clients to do authentication via radius plugged into Fedora DS. Windows will do PEAP for authentication, which encrypts the mschapv2 password check. FreeRadius supports this and all works well, except... For Radius to do mschapv2, using Fedora DS, the NT hash of the password must be in the directory. It cannot use the regular user's password. I used a perl script to hash a password and put it in a user's entry, using ntusercomment (for lack of finding a better field), told FreeRadius that ntusercomment is the NT-Password field it's looking for, and I was able to successfully authenticate from a Windows box over the wireless card using WAP. Obviously this is not a good long term solution. 1) Does anyone know of a better way to store NT password hashes in the directory? 2) Is there a way to update the hash when the user changes their password? Maybe have DS call a perl script when a password change occurs? 3) Is there a better way of doing this? Thank you,
