Freeradius + LDAP password trouble
Alan DeKok
aland at deployingradius.com
Mon Jul 19 11:55:43 CEST 2010
Lionne Stangier wrote:
> Freeradius can't read the LDAP user passwords. Our LDAP passwords encoded in sha.
.. it is impossible to use PEAP with SHA passwords.
http://deployingradius.com/documents/protocols/compatibility.html
> I access with a Windows XP Client. Without LDAP it's work without problem.
>
> 2nd question. Can I access with Windows XP without using certificates?
I don't know what that means.
...
> [ldap] performing user authorization for lionne.stangier [ldap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
> [ldap] ... expanding second conditional
> [ldap] expand: %{User-Name} -> lionne.stangier
> [ldap] expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=lionne.stangier)
> [ldap] expand: dc=allesklar,dc=com -> dc=allesklar,dc=com
> [ldap] ldap_get_conn: Checking Id: 0
> [ldap] ldap_get_conn: Got Id: 0
> [ldap] performing search in dc=allesklar,dc=com, with filter (uid=lionne.stangier) [ldap] looking for check items in directory...
> [ldap] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
The LDAP search isn't returning a userPassword. So... what is in
LDAP? What is returned when you do a search from the command line?
Alan DeKok.
More information about the Freeradius-Users
mailing list