<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt">Hello,<br><br> <span style="color: rgb(0, 0, 255);">Sorry to bother you again. Where should I </span><br style="color: rgb(0, 0, 255);"><span style="color: rgb(0, 0, 255);">apply the Crypt-Password? Should I apply it in </span><br style="color: rgb(0, 0, 255);"><span style="color: rgb(0, 0, 255);">radiusd.conf or in the ldap.attrmap file?</span><br><br>
Do the changes in ldap.attrmap<br>
<br>
CheckItem Crypt-Password userPassword<br>
<div>CheckItem User-Password userPassword<br>
</div>==================================================<br><br>Benjamin K. Eshun<div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><br><br><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">----- Message d'origine ----<br>De : Tim Tyler <tyler@beloit.edu><br>À : FreeRadius users mailing list <freeradius-users@lists.freeradius.org><br>Envoyé le : Mardi, 6 Mars 2007, 17h45mn 42s<br>Objet : Re: ldap passwords?<br><br><div>Ivan,<br> Sorry to bother you again. Where should I <br>apply the Crypt-Password? Should I apply it in <br>radiusd.conf or in the ldap.attrmap file?<br> What line were you referring to?<br> My ldap database stores the password in <br>userPassword field. I assume that I should <br>keep password_attribute = userPassword in the radiusd.conf file, correct?<br>Tim<br><br>At 04:51 PM 3/5/2007, you
wrote:<br>>Use Crypt-Password not User-Password.<br>><br>>Ivan Kalik<br>>Kalik Informatika ISP<br>><br>><br>>Dana 5/3/2007, "Tim Tyler" <tyler@beloit.edu> pi¹e:<br>><br>> > Freeradius experts,<br>> > I am trying to configure freeradius to use openldap as a backend<br>> >for authentication, but I can't seem to get the passwords to<br>> >authenticate. It seems to have no problem binding and finding the<br>> >username (uid). I am using crypt passwords in the ldap userPassword field:<br>> >userPassword:: e1NTSEF9aXBWQklEYnZYSU9RdWl2V0ZtdGR5MWxIWFFsZWVCMjQ=<br>> ><br>> > I am not using any radius attributes. I simply want to allow any<br>> >uid to authenticate. I get these results:<br>> ><br>> >rad_recv: Access-Request packet from host <br>> 144.89.40.8:59881, id=60, length=59<br>>
> User-Name = "tylertj"<br>> > User-Password = "xxxxxx"<br>> > NAS-IP-Address = 255.255.255.255<br>> > NAS-Port = 1812<br>> >rlm_ldap: - authorize<br>> >rlm_ldap: performing user authorization for tylertj<br>> >rlm_ldap: ldap_get_conn: Checking Id: 0<br>> >rlm_ldap: ldap_get_conn: Got Id: 0<br>> >rlm_ldap: (re)connect to ldap.beloit.edu:389, authentication 0<br>> >rlm_ldap: setting TLS CACert File to /etc/openldap/cacerts/cacert.cer<br>> >rlm_ldap: starting TLS<br>> >rlm_ldap: bind as / to ldap.beloit.edu:389<br>> >rlm_ldap: waiting for bind result ...<br>> >rlm_ldap: Bind was successful<br>> >rlm_ldap: looking for check items in directory...<br>> >rlm_ldap: looking for reply items in
directory...<br>> >rlm_ldap: user tylertj authorized to use remote access<br>> >rlm_ldap: ldap_release_conn: Release Id: 0<br>> >rad_recv: Access-Request packet from host <br>> 144.89.40.8:59881, id=60, length=59<br>> >Sending Access-Reject of id 60 to 144.89.40.8:59881<br>> ><br>> ><br>> > What might I be doing wrong? I presume that the ldap server<br>> >doesn't have to store the passwords in plain text, correct? I can<br>> >store them in md5 or SHA1 hash if I want, correct? I did uncomment:<br>> ><br>> >authenticate {<br>> > Auth-Type LDAP {<br>> > ldap<br>> > }<br>> ><br>> > Am I wrong to think this is now a password issue?<br>> >Tim<br>> ><br>> ><br>> ><br>> ><br>> ><br>> >Tim
Tyler<br>> >Network Engineer - Beloit College<br>> >tyler@beloit.edu<br>> ><br>><br>>-<br>>List info/subscribe/unsubscribe? See <a target="_blank" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a><br><br>Tim Tyler<br>Network Engineer - Beloit College<br>tyler@beloit.edu <br><br><br><br>- <br>List info/subscribe/unsubscribe? See <a target="_blank" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a><br></div></div><br></div></div><br>
<hr size="1">
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions !
Profitez des connaissances, des opinions et des expériences des internautes sur <a href="http://fr.rd.yahoo.com/evt=42054/*http://fr.answers.yahoo.com">Yahoo! Questions/Réponses</a>.</body></html>