I'm working on getting wireless network clients to do authentication via
RADIUS plugged into Fedora DS. Windows will do PEAP for authentication,
which encrypts the MS-CHAPv2 password check. FreeRADIUS supports this
and all works well, except...

For RADIUS to do MS-CHAPv2, using Fedora DS, the NT hash of the password
must be in the directory. It cannot use the regular user's password.

I used a Perl script to hash a password and put it in a user's entry,
using ntusercomment (for lack of finding a better field), told
FreeRADIUS that ntusercomment is the NT-Password field it's looking for,
and I was able to successfully authenticate from a Windows box over the
wireless card using WAP. Obviously this is not a good long-term solution.

1) Does anyone know of a better way to store NT password hashes in the
directory?

2) Is there a way to update the hash when the user changes their
password? Maybe have DS call a Perl script when a password change occurs?

3) Is there a better way of doing this?

Thank you,
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users