Hi Alan, Yeah, I figured that out once I found that I was barking up the wrong... um... branch. I have modified my config to look for the full user@domain, as it is in our UIDs. Thanks for the link, I will read through that. Half the battle is finding the proper information. I am changing to use the Samba NT Password field, since I'm using MSCHAPv2 and this is the only field (other than a cleartext password field) that will work. Still running into issues, though, and now it's quitting time... Thanks!!! Alex On 09/21/2015 04:55 PM, A.L.M.Buxey@lboro.ac.uk wrote:
Hi,
of the differences between the "branches" of the directory tree, is that the incorrect one is using Crypt passwords, and the correct one is using SSHA passwords. Seems that the SSHA passwords are not working while the Crypt passwords do.
well, as others have pointed out, theres an issue with the format of the name too. uid=xxxxx must match, you cant look for uid=user and expect uid=user@realm to match - so you may want to vary your ldap query based on the username - perhaps do a user-name check if theres a realm thats not handled properly?
how does your LDAP server present the password? LDAP is not an authentication system, its an 'oracle' of values - so you may need to tell FreeRADIUS what format the reply value is - read the LDAP and FreeRADIUS password format docs
eg http://wiki.freeradius.org/modules/rlm_ldap
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Alex Moen NSTII North Dakota Telephone Company 701-662-6481