On Wed, Mar 7, 2012 at 3:09 AM, Stefano Zanmarchi <zanmarchi@gmail.com> wrote:
On Tue, Mar 6, 2012 at 8:00 PM, Fajar A. Nugraha <list@fajar.net> wrote:
Instead, you should find out which LDAP attribute stores your MD5-password, add the correct mapping to ldap.attrmap, and leave Auth-Type section commented-out.
Hi Fajar, thank you for your kind answers, l'll try that out. One thing still isn't clear to me though. Since the LDAP "userPassword" contains the hashed password, how can freeradius use ldap.attrmap to perform authentication? I thought it could only try to bind as the user.
I assume you've seen http://wiki.freeradius.org/Rlm_ldap ? Basically you need to determine: - which LDAP attribute stores the password (e.g. userPassword? something else?) - does the attribute store the password with header (e.g {md5})? - is the mapping in ldap.attrmap correct? -- Fajar