Freeradius-Users Digest, Vol 39, Issue 18 topic 5: freeradiuswith multiple ldap servers

Sambuddho Chakravarty sc2516 at columbia.edu
Thu Jul 3 23:30:27 CEST 2008


Hello Ivan
 Problem still the same

I changed :-



On Thu, 2008-07-03 at 22:20 +0100, Ivan Kalik wrote:
> >
> >Added to ldap.attrmap
> >---------------------------
> >checkItem       Crypt-Password                  userPassword
> >
> 
Removed this from ldap.attrmap

> Don't do that. userPassword is already mapped in ldap module:
> 
> # password_attribute: Define the attribute which contains the user
> # password.
> # While integrating FreeRADIUS with Novell eDirectory, set
> # 'password_attribute = nspmpassword' in order to use the universal
> # password of the eDirectory users for RADIUS authentication. This will
> # work only if FreeRADIUS is configured to build with --with-edir option.
> #
> # default: NULL - don't add password
> #
> # password_attribute = "userPassword"
> 
> # password_radius_attribute: Defined the RADIUS attribute where the
> extracted
> # user password will be stored to. Can be used to set it to NT-Password
> or any
> # other similar attribute instead of the default
> #
> # default: User-Password
> #
> # password_radius_attribute = "NT-Password"
> 
> >Added to modules/ldap
> >
> >
> >ldap ldap1{
> >	....
> >
> > identity = (root DN)
> > password = (password for the root DN)
> >
> > password_header="{crypt}"
> > password_attribute=Crypt-Password

Yes changed this to password_radius_attribute=Crypt-Password

However , if I change the password_attribute=userPassword, the auth type
is detected wrongly as Local 

auth: type Local
auth: user supplied User-Password does NOT match local User-Password

Thanks
Sambuddho

> No, not password_attribute but password_radius_attribute.
> password_attribute should remain userPassword (as it is by default).
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list