On Sat, Mar 10, 2012 at 5:29 AM, <up@3.am> wrote:
So to save lots of time and configuration problem: does your LDAP store user passwords in clear text or any "common" hash (e.g. md5, unix)? If yes, AND you know what the LDAP attribute is, you don't even need an LDAP section in authenticate.
Mostly crypt, but I've seen a few SSHA hashes. I know the ldap attribute as well. Assuming those hashes are "common" enough, what do I need to do?
If the hash is supported (see http://wiki.freeradius.org/Protocol%20Compatibility) , you only need to make sure FR sees it in the right place. See ldap.atrmap.
I should point out that I had been using:
DEFAULT Auth-Type = Ldap
In the users file as well on the two older servers, despite docs that say that it is "almost always wrong", but it was the only way we got it working.
If you have the attribute, and the hash is supported, you shouldn't need that. -- Fajar