On Sat, Mar 10, 2012 at 5:29 AM, <up@3.am> wrote:
So to save lots of time and configuration problem: does your LDAP store user passwords in clear text or any "common" hash (e.g. md5, unix)? If yes, AND you know what the LDAP attribute is, you don't even need an LDAP section in authenticate.
Mostly crypt, but I've seen a few SSHA hashes. I know the ldap attribute as well. Assuming those hashes are "common" enough, what do I need to do?
If the hash is supported (see http://wiki.freeradius.org/Protocol%20Compatibility) , you only need to make sure FR sees it in the right place. See ldap.atrmap.
Both hashes are supported, thanks for the link. I assume I need to define something to map to, as well? Like this: raddb/dictionary: ATTRIBUTE userPassword 3004 string raddb/ldap.attrmap: checkItem User-Password userPassword Then I just noticed this in the ldap module (which we have in the radiusd.conf): # password_attribute = userPassword Do I understand correctly that I can just uncomment that and not define anything in the dictionary or ldap.attrmap? Again, thanks!