I've configured radius to use ldap for authorization and authentication. Authorization works fine, but will allow access to authorized users without a correct password. Why? ldap stores passwords using SSHA encryption. Is there any way to: a. provide radius with the key/salt so it can compare the passwords properly b. have radius bind as the user to check that the password is correct? c. option I haven't thought of yet? Kyle Plimack KYLE J PLIMACK / SYSTEMS ADMINISTRATOR 415.531-9827 www.saymedia.com www.facebook.com/saymedia www.twitter.com/saymediainc
Kyle Jake Plimack wrote:
I've configured radius to use ldap for authorization and authentication. Authorization works fine, but will allow access to authorized users without a correct password.
No.
Why? ldap stores passwords using SSHA encryption.
That doesn't change anything.
Is there any way to: a. provide radius with the key/salt so it can compare the passwords properly
It will do that automatically.
b. have radius bind as the user to check that the password is correct?
It will do that automatically.
c. option I haven't thought of yet?
Post the debug output, as suggested in the FAQ, README, INSTALL, "man" page, web site, and nearly daily on this list? Alan DeKok.
participants (2)
-
Alan DeKok -
Kyle Jake Plimack