No "known good" password was found in LDAP

Phil Mayers p.mayers at imperial.ac.uk
Thu Jul 22 21:56:49 CEST 2010


On 07/22/2010 08:26 PM, newtownz wrote:

> The password stored in eDirectory is valid.
>
> My understanding of eDirectory is that it will never let you see the actual
> password of a user, it will hash it first. Is this behavior of freeradius
> normal?

There is eDirectory support in the rlm_ldap module which (I believe) does 
a "special" query to get the "universal password"; see the docs for 
rlm_ldap.

But you (or rather the FreeRadius bind DN) *will* need permissions to 
read the plaintext password or you're stuck. You need that password or 
the NT/LM hash to do PEAP/MS-CHAP.

>
> Later in the process the user is rejected because no Auth-Type was found,
> is this related?

Yes.


