UNCLASSIFIED
-----Original Message-----
Looking at this it seems that the LDAP record is holding the password with a certain encryption and that Radius needs to be told to encrypt the password it has passed to it in that format.
Anyone know what the LDAP encryption would be, and how to influence RADIUS's treatment of the password.
David
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Now fixed.
All I had to do in the end was add the line for "userPassword" and then change this from no to yes
pap { auto_header = yes }
in my radiusd.conf file which allows radius to work out how to encrypt
the password - in this case I *THINK* against a /etc/shadow format hash
From man slappasswd
-h scheme If -h is specified, one of the following RFC 2307 schemes may be specified: {CRYPT}, {MD5}, {SMD5}, {SSHA}, and {SHA}. The default is {SSHA}. Note that scheme names may need to be protected, due to { and }, from expansion by the user's command inter- preter. {SHA} and {SSHA} use the SHA-1 algorithm (FIPS 160-1), the latter with a seed. {MD5} and {SMD5} use the MD5 algorithm (RFC 1321), the latter with a seed. {CRYPT} uses the crypt(3). {CLEARTEXT} indicates that the new password should be added to userPassword as clear text. Regards Frank Ranner