That worked, Thank you. On Fri, Nov 9, 2018 at 6:56 PM Alan DeKok <aland@deployingradius.com> wrote:
On Nov 6, 2018, at 11:51 AM, Amstaff zg <amstaff.zg@gmail.com> wrote:
Hi, I have problem with pap password normalization when radius fetches password from ldap in base64 format.
Here is example where it works: FreeRADIUS Version 3.0.16 Copyright (C) 1999-2017 The FreeRADIUS server project and contributors There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License For more information about these matters, see the file
The debug output has been *completely* mangled. It's been word wrapped to the point where it's almost impossible to see what's going on.
I think line:
(1) pap: Normalizing Password-With-Header from base64 encoding, 28 bytes -> 21 bytes (1) pap: Unknown header {{?v??w}} in Password-With-Header, re-writing to Cleartext-Password (1) pap: Removing &control:Password-With-Header
is making this problem. pap module is trying to normalize password from ldap no matter that
pap { normalise = no } is set.
When you put the password into the "Password-With-Header" attribute, you are telling FreeRADIUS that the password has a header. So it makes no sense to say "yes, it has a header, but no, we don't want to look at that header".
If you want to use the password *as is* from LDAP, then assign it to the Cleartext-Password attribute. That won't look for headers, and will compare the passwords as-is.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html