rlm_ldap and auto_header
Tim Palmer
tpalmer at bestweb.net
Tue Nov 11 21:35:03 CET 2008
tnt at kalik.net wrote:
>> Why yes, I did map Cleartext-Password, since the debug error ( and
>> various list postings) seemed clear on that:
>>
>> ldap.attrmap:
>> checkItem Cleartext-Password userPassword
>>
>
> OK. Debug will moan about using User-Password if you are using clear text
> password. It will moan, replace it with Cleartext-Password - and things
> will still work. If you are using clear text passwords you can do this
> mapping to shut it up. Better practice would be to map it to something
> like radiusCleartextPassword and copy userPassword field there.
>
> But mapping encrypted passwords to Cleartext-Password is clearly wrong.
> Remove that mapping and auto_headers in pap will work.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
What you say makes complete sense, but its still not working for me
unless I have ldap do the auto_header. However, I'd done several things
with this machine in this process, so I'm going to rebuild it and start
from scratch, now that I am clear on exactly how this bit is supposed to
work.
Thank you for your input,
tim
More information about the Freeradius-Users
mailing list