9 Sep
2010
9 Sep
'10
6:19 a.m.
Kevin Ehlers wrote:
I found a solution that works in the mean-time by writing a perl module. I'm using the perl module during the authorize section in the inner-tunnel virtual server. What it does is query ldap, and get the nt-password attribute from our ldap server. It then does a $nt-password =~ /^{nthash}(.*)$/. From there, I update the control packet $RAD_CHECK{NT-Password} = $1. And then it returns OK.
OK...
It looks like the ldap module rejects the password and doesn't store it in the User-Password or NT-Password field.
I don't see why. It should be able to read *anything* from the ldap password field, and put it into the RADIUS password attribute. Alan DeKok.