Stefan Adams wrote:
It's been quite a challenge to maintain both radiusNTPassword and sambaNTPassword in a user's LDAP object, especially when radiusNTPassword is just sambaNTPassword, prepended with '0x'. If nothing else, that's redundant.
Hmm... in 1.1.7, the "pap" module will take care of fixing NT-Passwords. i.e. map sambaNTPassword to NT-Password in ldap.attrmap, and list "pap" at the end of the "authorize" section. The pap module will see the 32-character hex string NT-Password, and convert it to 16-character binary format, which the rest of the server needs.
Does that make sense? Anything wrong with doing this? Obviouly this patch is teeny and not very profound... For what reason is this avoided? rlm_ldap expects the value to be in hex.
What do you mean by that?
diff -urN freeradius-1.1.7/src/modules/rlm_ldap/rlm_ldap.c ... for (vals_idx = 0; vals_idx < vals_count; vals_idx++) { value = vals[vals_idx]; +sprintf(hex, "0x%s", value); +value = hex; +DEBUG("!!! %s !!!", value);
Huh? You're adding "0x" to the start of EVERY attribute. That's wrong... Alan DeKok.