Unable to retrieve LDAP attribute in original format

ST Wong (ITSC) ST at itsc.cuhk.edu.hk
Wed Jun 17 03:20:49 CEST 2020


Hi all,

We've upgraded freeradius from 2.x to 3.0.21. We note that LDAP attributes are always returned as a hex string and we're unable to get the attribute as it is.
e.g. we defined in mods-enabled/ldap:

        update {
                control:NT-Password             += 'sambaNtPassword'


while the sambaNtPassword value in LDAP is just an alphanumeric string without any escape characters.

Debug log shows the value in hex (decoding the hex into ASCII matches with the value in LDAP):

Tue Jun 16 11:41:43 2020 : Debug: (8) ldap: Processing user attributes
Tue Jun 16 11:41:43 2020 : Debug: (8) ldap: NT-Password := 0x3034324544323534394233353637304441443342394130374444424339363233


Then we got the error "NT-Password has not been normalized by the 'pap' module (likely still in hex format).".

Tue Jun 16 11:51:43 2020 : Debug: (8) eap_mschapv2:   authenticate {
Tue Jun 16 11:51:43 2020 : Debug: (8) eap_mschapv2:     modsingle[authenticate]: calling mschap (rlm_mschap)
Tue Jun 16 11:51:43 2020 : WARNING: (8) mschap: NT-Password has not been normalized by the 'pap' module (likely still in hex format).  Authentication may fail
Tue Jun 16 11:51:43 2020 : WARNING: (8) mschap: No Cleartext-Password configured.  Cannot create NT-Password
Tue Jun 16 11:51:43 2020 : WARNING: (8) mschap: No Cleartext-Password configured.  Cannot create LM-Password


The data in the LDAP server works in freeradius 2.x.
Would anyone please help?

Thanks a lot.
Regards
/ST Wong
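
Added example, not part of the original post and not FreeRADIUS code: a Python check that takes a value in the form the debug log prints it (0x followed by the hex of the stored bytes) and reports whether those bytes are a 16-byte binary NT hash or the 32-character hex text of one, which is the state the mschap warning describes. The function name and the sample value are constructed for illustration, and it assumes "normalized" means the raw 16-byte form of the hash.

```python
import binascii
import string

NT_HASH_LEN = 16  # an NT hash is an MD4 digest: 16 raw bytes

# Constructed sample: what an LDAP sambaNtPassword-style value looks like as text.
SAMPLE_LDAP_VALUE = "00112233445566778899AABBCCDDEEFF"


def classify_nt_password(logged: str):
    """Classify a value as printed in the debug log ('0x' + hex of stored bytes).

    Returns (state, nt_hash) where nt_hash is the 16 raw bytes, or None.
    """
    text = logged.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    try:
        raw = binascii.unhexlify(text)  # the bytes the server is holding
    except (binascii.Error, ValueError):
        return ("not-hex", None)

    if len(raw) == NT_HASH_LEN:
        # Already the binary digest: nothing left to decode.
        return ("binary", raw)

    if len(raw) == 2 * NT_HASH_LEN and all(chr(b) in string.hexdigits for b in raw):
        # 32 bytes that are themselves ASCII hex digits: the hash is still
        # stored as text, so one more hex decode yields the 16-byte form.
        return ("hex-text", binascii.unhexlify(raw))

    return ("unexpected-length", None)


def as_logged(ldap_text: str) -> str:
    """Render a text attribute the way the debug log shows an octets value."""
    return "0x" + ldap_text.encode("ascii").hex()


if __name__ == "__main__":
    logged = as_logged(SAMPLE_LDAP_VALUE)
    state, nt_hash = classify_nt_password(logged)
    print(logged)
    print(state, nt_hash.hex() if nt_hash else None)
```

A 64-digit value after the 0x, as in the log above, is the "hex-text" case: 32 stored bytes that decode once more to the 16-byte hash.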


