On 12/06/2010 02:06 PM, James Winter wrote:
I think I have a problem with Ldap reading the password correctly. If i have read correctly, it needs a clear text password....
If you want FreeRadius to extract information from LDAP, then the LDAP bindDN that FreeRadius uses must have the permission to read this information (and of course, the information must exist in LDAP) Whether you need a plaintext password depends on what authentication protocols you want to use. See: http://deployingradius.com/documents/protocols/compatibility.html
Secondly, the debug output you posted returns an "Access-Accept" because, although the LDAP module was unable to see a userPassword attribute on the LDAP entry, a later module sets the Auth-Type to "ntlm_auth" and your server then obeys that.
I shall comment this line out, and try it out today
See below
This is all a non-standard config, so *someone* has configured the server - was it you?
I have been working on configuring the server for a little bit now. I tried following several different online manuals before I consulted the group.
Oh dear. A lot of the online info is out-of-date or plain wrong. If you've made a lot of changes, and you're not sure exactly what youve changed and why, my advice would be to start again from scratch. Restore the default configs, and use the following system: 1. Check the config into version control 2. Make ONE and ONLY ONE change 3. Test it 4. Goto step 1 One of the new DVCSes like git/bzr/hg are ideal for this. The *first* change you want to make is adding a user to the "users" file username Cleartext-Password := "password" Check that what you want to do works with that user. Then you can move onto LDAP. Keeping a dump of the debug output at each step can be handy too - then you can compare them. Hope this helps.