Check LDAP password with SHA512
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Tue Feb 2 21:33:50 CET 2016
Alan is right, output from radtest is useless. We need the output from radiusd -X.
>
> (0) ldap (ok)
> (0) pap - WARNING: No "known good" password found for the user. Not
> setting Auth-Type
> (0) pap - WARNING: Authentication will fail unless a "known good"
> password is available
> (0) pap (noop)
> When I am seeing the following from the bind user
>
>
> rlm_ldap (ldap) - Bind successful
> (1) ldap - Reserved connection (6)
> (1) ldap - EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
> (1) ldap - --> (uid=demouser)
> (1) ldap - Performing search in "ou=Users,dc=myhost,dc=com" with
> filter "(uid=bind-user)", scope "sub"
> (1) ldap - Waiting for search result...
> (1) ldap - User object found at DN
> "uid=bind-user,ou=Users,dc=myhost,dc=com"
> (1) ldap - Processing user attributes
> (1) ldap - &control:Password-With-Header +=
> {CRYPT}$6$cbea6d7932dfa76b$YgORZH6XtDXmFEDrcBnX3Ao6JDxACy.BRMTNZ8DkF0idg3cM2D3gPEHRfA05f8dQx14o/4Fi575xXJ.2yDkDA/
> (1) ldap - Released connection (6)
>
> ...
>
> rlm_ldap (ldap) - Bind successful
> (1) ldap (updated)
> (1) pap - Converted: Password-With-Header -> Crypt-Password
> (1) pap - Removing &control:Password-With-Header
> (1) pap (updated)
So... it worked?
You need to provide the rest of the debug output up to the point where it sends an Access-Challenge.
-Arran