No "known good" password added
(0) WARNING: ldap : No "known good" password added. Ensure the admin user has permission to read the password attribute Admin has permission to read password. Radius server connects to LDAP OK. Bind was successful Our ldap server is Novell eDirectory. Radius Server connect by port 636 only. I don't think we use TLS. Which part of configuration is causing the problem ********************************************************** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues
On Sep 21, 2017, at 11:03 AM, Bhagwat, Shrikant <shrbhagw@med.umich.edu> wrote:
(0) WARNING: ldap : No "known good" password added. Ensure the admin user has permission to read the password attribute Admin has permission to read password. Radius server connects to LDAP OK. Bind was successful Our ldap server is Novell eDirectory. Radius Server connect by port 636 only. I don't think we use TLS. Which part of configuration is causing the problem
What part of that message is unclear? FreeRADIUS asked LDAP for the password, and LDAP returned "no". Either the password doesn't exist, or FreeRADIUS doesn't have permission to read the password. Fix that. Alan DeKok.
The freeradius has permission to read the password. But passwords are hashed. Can freeradius read hashed password -----Original Message----- From: Freeradius-Users [mailto:freeradius-users-bounces+shrbhagw=med.umich.edu@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Thursday, September 21, 2017 11:10 AM To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: No "known good" password added On Sep 21, 2017, at 11:03 AM, Bhagwat, Shrikant <shrbhagw@med.umich.edu> wrote:
(0) WARNING: ldap : No "known good" password added. Ensure the admin user has permission to read the password attribute Admin has permission to read password. Radius server connects to LDAP OK. Bind was successful Our ldap server is Novell eDirectory. Radius Server connect by port 636 only. I don't think we use TLS. Which part of configuration is causing the problem
What part of that message is unclear? FreeRADIUS asked LDAP for the password, and LDAP returned "no". Either the password doesn't exist, or FreeRADIUS doesn't have permission to read the password. Fix that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ********************************************************** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues
On Sep 21, 2017, at 3:00 PM, Bhagwat, Shrikant <shrbhagw@med.umich.edu> wrote:
The freeradius has permission to read the password. But passwords are hashed. Can freeradius read hashed password
If you bother to read the docs, you'll get the answer to that question. And no, FreeRADIUS doesn't have permission to read the password. If it had the permission, LDAP would have returned the password, instead of saying "no password". Or, you've misconfigured FreeRADIUS and broken it. Alan DeKok.
participants (2)
-
Alan DeKok -
Bhagwat, Shrikant