Freeradius with OpenLDAP (Suse Enterprise 10) [SEC=UNCLASSIFIED]
Ranner, Frank MR
Frank.Ranner at defence.gov.au
Fri Feb 15 01:52:18 CET 2008
UNCLASSIFIED
> -----Original Message-----
> > Looking at this it seems that the LDAP record is holding the password
> > with a certain encryption and that Radius needs to be told to encrypt
> > the password it has passed to it in that format.
> >
> > Anyone know what the LDAP encryption would be, and how to influence
> > RADIUS's treatment of the password.
> >
> > David
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> Now fixed.
>
> All I had to do in the end was add the line for "userPassword" and
> then change this from no to yes
>
> pap {
> auto_header = yes
> }
>
> in my radiusd.conf file which allows radius to work out how to encrypt
> the password - in this case I *THINK* against a /etc/shadow format
> hash
>
From man slappasswd

       -h scheme
              If -h is specified, one of the following RFC 2307
              schemes may be specified: {CRYPT}, {MD5}, {SMD5},
              {SSHA}, and {SHA}. The default is {SSHA}.

              Note that scheme names may need to be protected, due to
              { and }, from expansion by the user's command interpreter.

              {SHA} and {SSHA} use the SHA-1 algorithm (FIPS 160-1),
              the latter with a seed.

              {MD5} and {SMD5} use the MD5 algorithm (RFC 1321), the
              latter with a seed.

              {CRYPT} uses the crypt(3).

              {CLEARTEXT} indicates that the new password should be
              added to userPassword as clear text.

Regards
Frank Ranner
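
Added example, not part of the original post and not FreeRADIUS or OpenLDAP code: a sketch of verifying a PAP cleartext password against a userPassword value by reading its RFC 2307 scheme header, for the schemes listed in the man page excerpt above. The function names are hypothetical, the 4-byte salt is an assumption of this sketch, and {CRYPT} is rejected because it depends on the host's crypt(3).

```python
import base64
import hashlib
import hmac
import os

# scheme name -> (hashlib algorithm, salted?). Salted schemes store digest||salt.
SCHEMES = {"SHA": ("sha1", False), "SSHA": ("sha1", True),
           "MD5": ("md5", False), "SMD5": ("md5", True)}

def split_header(value):
    """Split '{SCHEME}data' into (SCHEME, data); no header means clear text."""
    if value.startswith("{") and "}" in value:
        scheme, rest = value[1:].split("}", 1)
        return scheme.upper(), rest
    return "CLEARTEXT", value

def make_hash(password, scheme="SSHA", salt=None):
    """Build a userPassword value; salt length of 4 is this sketch's assumption."""
    algo, salted = SCHEMES[scheme]
    if not salted:
        salt = b""
    elif salt is None:
        salt = os.urandom(4)
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def verify(password, stored):
    """Check a cleartext password against a stored userPassword value."""
    scheme, rest = split_header(stored)
    if scheme == "CLEARTEXT":
        return hmac.compare_digest(password.encode(), rest.encode())
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)  # e.g. {CRYPT}
    algo, _ = SCHEMES[scheme]
    raw = base64.b64decode(rest)
    size = hashlib.new(algo).digest_size
    digest, salt = raw[:size], raw[size:]  # anything after the digest is the salt
    candidate = hashlib.new(algo, password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    stored = make_hash("s3cret")           # constructed sample value
    print(stored, verify("s3cret", stored), verify("wrong", stored))
```

Verification only works this way when the server receives the cleartext password (PAP); the stored hash cannot be used to check a CHAP or MS-CHAP response.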