Unknown Auth-Type "LDAP" in authenticate sub-section

up at 3.am up at 3.am
Sat Mar 10 04:47:24 CET 2012


> On Sat, Mar 10, 2012 at 5:29 AM,  <up at 3.am> wrote:
>>> So to save lots of time and configuration problem: does your LDAP
>>> store user passwords in clear text or any "common" hash (e.g. md5,
>>> unix)? If yes, AND you know what the LDAP attribute is, you don't even
>>> need an LDAP section in authenticate.
>>
>> Mostly crypt, but I've seen a few SSHA hashes.  I know the ldap attribute as
>> well.  Assuming those hashes are "common" enough, what do I need to do?
>
> If the hash is supported (see
> http://wiki.freeradius.org/Protocol%20Compatibility) , you only need
> to make sure FR sees it in the right place. See ldap.atrmap.

Both hashes are supported, thanks for the link.  I assume I need to define
something to map to, as well?  Like this:

raddb/dictionary:  ATTRIBUTE        userPassword   3004	       string

raddb/ldap.attrmap:  checkItem	 User-Password		userPassword

Then I just noticed this in the ldap module (which we have in the radiusd.conf):

	        # password_attribute = userPassword

Do I understand correctly that I can just uncomment that and not define anything
in the dictionary or ldap.attrmap?

Again, thanks!




More information about the Freeradius-Users mailing list