Another LDAP/RADIUS integration problem.
Alan DeKok
aland at deployingradius.com
Fri Jul 23 20:59:00 CEST 2010
Tom Leach wrote:
> To correct the bind problem, I added an ACL to the directory to allow
> 'uid=admin,o=radtree' to access the userPassword attribute, then
> configured the ldap module to use 'uid=admin,o=radtree' as the identity
> and 'secret' as the password. Now the bind succeeds, the -X output says
> that it's mapping userPassword -> Crypt-Password ==
> "{crypt}4gOgBZqZgtwIw"
The "Crypt-Password" attribute is supposed to be the crypt'd version
of the password *without* the "{crypt}" header. Change the mapping from
"userPassword -> Crypt-Password" to "userPassword -> User-Password", and
it will work.
The PAP module will look for the "{crypt}" header, and create a
Crypt-Password with the appropriate value.
Alan DeKok.
More information about the Freeradius-Users
mailing list