Topic: Adding NT/LM passwords and synching them with existing ones
Is this possible:
1) Add NT/LM hashes to the user records by importing the necessary (say samba) schema, and regenerating passwords for all users.
2) Keep existing password and NT/LM hashes in sync when passwords are changed.
Alternately, move toward NT/LM hashes.
In addition to using iRedMail for mail, I am also using it for authenticating other services via additional attributes for some users. In particular, I'd like it to authenticate wireless access via WPA2/Enterprise using EAP-PEAP with the usual Microsoft MSCHAPv2 authentication which requires the password database to store .... NT/LM hashes of the password.
Alternately, does anyone know if I can I force Windows EAP-PEAP clients to use PAP inner authentication? (Yeah, that is vulnerable to a dictionary attack, but so is any password scheme). EAP-PEAP allows this in theory, but I don't know if Windows clients support it.
On Edit: it looks like it should be easy to add LM and NTLM hashing of the password along with the existing hashing. Then email users could be used for MSCHAPv2 authentication.