Phillip Heller wrote:
I'm using the Centos Directory Server, which defaults to SSHA encryption on the userPassword attribute.
That should work.
It would seem that freeradius does not authenticate against SSHA. I did try a few other encryption policies (crypt, md5) and set the password_header value appropriately.
In the LDAP module? That configuration is deprecated, and isn't even documented in 2.0.5. What is the output of debugging mode? If the contents of the "userPassword" field are just the SSHA hash, you will have to tell the FreeRADIUS that the field is the SSHA hash. Otherwise, it has no idea. In general, it's best to use the {ssha} header in the userPassword field. The LDAP server should handle it fine, and FreeRADIUS will use it to Just Do the Right Thing. Alan DeKok.