1 (edited by rhollan 2010-07-23 09:31:57)

Topic: Adding NT/LM passwords and synching them with existing ones

Is this possible:

1) Add NT/LM hashes to the user records by importing the necessary (say samba) schema, and regenerating passwords for all users.

2) Keep existing password and NT/LM hashes in sync when passwords are changed.

Alternately, move toward NT/LM hashes.

Here's why:

In addition to using iRedMail for mail, I am also using it for authenticating other services via additional attributes for some users. In particular, I'd like it to authenticate wireless access via WPA2/Enterprise using EAP-PEAP with the usual Microsoft MSCHAPv2 authentication which requires the password database to store .... NT/LM hashes of the password.

Alternately, does anyone know if I can force Windows EAP-PEAP clients to use PAP inner authentication? (Yeah, that is vulnerable to a dictionary attack, but so is any password scheme). EAP-PEAP allows this in theory, but I don't know if Windows clients support it.

On Edit: it looks like it should be easy to add LM and NTLM hashing of the password along with the existing hashing. Then email users could be used for MSCHAPv2 authentication.

