22 Jul
2010
22 Jul
'10
3:56 p.m.
On 07/22/2010 08:26 PM, newtownz wrote:
The password stored in eDirectory is valid.
My understanding of eDirectory is that it will never let you see the actual password of a user, it will hash it first. Is this behavior of freeradius normal?
There is eDirectory support in the rlm_ldap module which (I belive) does a "special" query to get a the "universal password); see the docs for rlm_ldap. But you (or rather the FreeRadius bind DN) *will* need permissions to read the plaintext password or you're stuck. You need that password or the NT/LM hash to do PEAP/MS-CHAP.
Later in the process the user is rejected because no Auth-Type was found, is this related?
Yes.