----- Oorspronkelijk bericht ----- Van : wessam seleem [mailto:wessam.seleem@gmail.com] Verzonden : zondag , september 27, 2009 02:34 PM Aan : 'FreeRadius users mailing list' Onderwerp : Re:
Dear Thor and Ivan, Thanks for your support. I would like to notice that I have the same configuration in a server that has freeradius-1.1.7-1 installed and it is working fine. I want to upgrade. That is why I am testing freeradius-2.1.6-2. I want to ask is there is any difference between 1.1.7-1 and 2.1.6-2 configuration files that I should put it in my consideration?
Thor, I don't have the same output in the debug mode. I have what you can see below:
++[ldap] returns ok !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- entering group PAP {...} [pap] login attempt with password "password" [pap] Using clear text password "$5@Hfgusllj%$#kasjs" [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> username attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated
Dear Ivan and Thor,
As you can see the problem that I am sending a clear text password and the radius doesn't convert it to encrypted one. I want my radius to take a clear text password and encrypt it then compare it with the encrypted one in my ldap. Please let me know if I should clarify more or if you need more info.
Thanks again for your support. Regards,
I'm not saying that how I got it working is *the* way to do it, I just got it working this way... I'm using 2.1.7, but I guess 2.1.6 has exactly the same behaviour. In your ldap module configuration, remove this: password_header = "{CRYPT}" Then the ldap module will not remove {CRYPT} from User-Password and the server will not complain about the attributes... The pap module configuration should only have the following line: auto_header = yes This will make the PAP authentication step recognize that the password retrieved from ldap is crypted and do the correct password comparison. Regards, Thor.
participants (1)
-
Thor Spruyt