<br><br><div class="gmail_quote">On Jan 24, 2008 9:59 AM, Alan DeKok <<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">Tomasz Zieleniewski wrote:<br>> Still something is wrong.<br>><br>> I have the following authorize section:<br></div>...<br><br> In which the default configuration has been massively changed.
<br><br> I'm not sure where else to document this: If you are not clear on how<br>the server works, then DO NOT CHANGE THE DEFAULT CONFIGURATION.<br><br> If the configuration you've created doesn't work, then it's clear that
<br>there's something missing. In that case, follow the instructions in the<br>"man" page for how to create a working configuration.<br>...<br><div class="Ih2E3d">> Thu Jan 24 09:40:35 2008 : Debug: ++[ldap] returns ok
<br>> Thu Jan 24 09:40:35 2008 : Debug: auth: type Local<br><br></div> Something in your local changes has set "Auth-Type := Local".</blockquote><div> </div><div>I didn't set it explicit. I don't know what caused setting Auth-Type to Local!!!!!!
<br>But I found my error. The problem was in ldap<br>I didn't have Auth-Type Set in radius and I used old config from docs<br>directory which didn't have set_auth_type parameter.<br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br><br> Can you please explain WHY you're doing that, WHERE you found<br>documentation saying that it was a good idea, and WHAT you think it's doing?<br><br> The documentation that comes with 2.0 tries very hard to explain that
<br>setting "Auth-Type" is almost always wrong. Is there somewhere else we<br>need to document this?<br><br> In addition, you're mapping a hashed password to a clear-text password:<br><div class="Ih2E3d"><br>
> Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: LDAP attribute<br>userPassword as RADIUS attribute Cleartext-Password ==<br>"{MD5}SNNMxdM+Zfvr//0yEp0DuA=="<br><br></div> Again, this is NOT in the default configuration, and WILL NOT WORK.
</blockquote><div><br>Similar problem my LDAP server return hashed passwords instead of plain-text<br>i added additional parameter in LDAP which solved the issue.<br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br><br> Start off with the default configuration. Configure the "ldap"<br>module, and un-comment it from the "authorize" section. Your tests<br>SHOULD work.<br><font color="#888888"><br> Alan DeKok.
<br></font><div><div></div><div class="Wj3C7c">-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br></div></div></blockquote>
</div><br>