freeradius with multiple ldap servers

Sambuddho Chakravarty sc2516 at columbia.edu
Sun Jul 6 00:03:50 CEST 2008


Hello Ivan
 Does that mean that I cannot authenticate against a LDAP server from a
freeradius server using cleartext passwords. So the freeradius client
needs to send the password in encrypted format. But other programs which
using LDAP server to authenticate (eg. the pam_ldap ) takes as input the
cleartext password. Is there a solution to this ? Maybe I am mistaken
somewhere . Please let me know.
Thanks
Sambuddho
On Fri, 2008-07-04 at 09:56 +0100, Ivan Kalik wrote:
> > Problem still persists. What do you mean by the {crypt} header.
> 
> >From RFC2256:
> 
> 5.36. userPassword
> 
>     ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
>       SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
> 
>    Passwords are stored using an Octet String syntax and are not
>    encrypted.
> 
> Since you are intent on violating RFC you need to add a password header
> to indicate what type of encryption is used.
> 
> >rlm_ldap: waiting for bind result ...
> >rlm_ldap: Bind failed with invalid credentials
> >++[ldap1] returns reject
> >auth: Failed to validate the user.
> 
> Without the header userPassword is treated as clear text (not crypted
> value) and that does't match.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list