Unknown Auth-Type "LDAP" in authenticate sub-section

Fajar A. Nugraha list at fajar.net
Sat Mar 10 02:52:32 CET 2012


On Sat, Mar 10, 2012 at 5:29 AM,  <up at 3.am> wrote:
>> So to save lots of time and configuration problem: does your LDAP
>> store user passwords in clear text or any "common" hash (e.g. md5,
>> unix)? If yes, AND you know what the LDAP attribute is, you don't even
>> need an LDAP section in authenticate.
>
> Mostly crypt, but I've seen a few SSHA hashes.  I know the ldap attribute as
> well.  Assuming those hashes are "common" enough, what do I need to do?

If the hash is supported (see
http://wiki.freeradius.org/Protocol%20Compatibility) , you only need
to make sure FR sees it in the right place. See ldap.atrmap.

>
> I should point out that I had been using:
>
> DEFAULT         Auth-Type = Ldap
>
> In the users file as well on the two older servers, despite docs that say that it
> is "almost always wrong", but it was the only way we got it working.
>

If you have the attribute, and the hash is supported, you shouldn't need that.

-- 
Fajar


More information about the Freeradius-Users mailing list