Allan Borman wrote:
I have put together a freeradius server to authenticate users existing on our oracle LDAP directory. The issue that I have is getting the passowrd from oracle. I can probe the LDAP, get a user authorized and fallback to the default for the passowrd check which is the "system". It all works well. However our LDAP uses oracle on the back end to check the password. Has anyone configured radius to do this? I need to send a request to LDAP to check the password as well.
That is really an Oracle LDAP directory configuration issue. FreeRADIUS doesn't really care what the backend is. It only cares that you can do LDAP bind and that LDAP directory provides password hashes. For example I can query my OpenLDAP database and it will provide me with userPassword sambaNTPassword sambaLMPassword atrributes that I can use to authenticate past that. This is not a RADIUS issue. You have to configure your LDAP directory to provide you with the right info.