FR3.0 and LDAP
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Mon Aug 12 23:29:57 CEST 2013
On 12 Aug 2013, at 22:28, Maja Wolniewicz <mgw at umk.pl> wrote:
>
> Dnia 12 sie 2013 o godz. 22:57 Arran Cudbard-Bell <a.cudbardb at freeradius.org> napisał(a):
>
>>
>> On 12 Aug 2013, at 21:47, Maja Wolniewicz <mgw at umk.pl> wrote:
>>
>>> W dniu 12.08.2013 21:36, Alan DeKok pisze:
>>>> Maja Wolniewicz wrote:
>>>>> In FR3.0 the Auth-Type=LDAP isn't set in the rlm_ldap module, the
>>>>> authorize section ends with Auth-Type=PAP, so authentication goes to the
>>>>> PAP module.
>>>> That's what's supposed to happen when you use LDAP as a database.
>>> Is there a way to decide which attribute is used in the PAP module?
>>> I have in the ldap module config
>>> update {
>>> control:NT-Password := 'ntPassword'
>>> control:Password-With-Header := 'userPassword'
>>> }
>>> and the PAP module uses NT encryption.
>>> when I remove control:NT-Password line then CRYPT password is used
>>> I would like the PAP module to use userPassword, I need ntPassword in the ldap module for PEAP authentication.
>>
>> Why? and no. Shouldn't they both be in sync?
> In production yes, but for testing purposes sometimes we are using different passwords.
Remove the one you don't want when you've figure out auth type.
update control {
NT-Password !* ANY
}
More information about the Freeradius-Devel
mailing list