Yet another PEAP/LDAP Question

Jon P. Giza jon at xbytenetworks.com
Wed Jan 25 21:53:25 CET 2006


I doubt it will be possible to remove that.  Is it possible to authenticate
to this LDAP database in another way?  I thought I had read of a way to bind
to the LDAP server as the user we are trying to authenticate, but I cannot
find any good info on this.

Thanks again for your help.
JPG

> -----Original Message-----
> From: freeradius-users-bounces+jon=xbytenetworks.com at lists.freeradius.org
> [mailto:freeradius-users-bounces+jon=xbytenetworks.com at lists.freeradius.org]
> On Behalf Of Phil Mayers
> Sent: Wednesday, January 25, 2006 11:45 AM
> To: FreeRadius users mailing list
> Subject: Re: Yet another PEAP/LDAP Question
> 
> Jon P. Giza wrote:
> > Phil:
> >
> > I have made the suggested changes, and new debugs below:
> >
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: Adding userPassword as NT-Password, value ( & op=21
> > rlm_ldap: looking for reply items in directory...
> > ...
> > modcall: entering group MS-CHAP for request 5
> >   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
> > rlm_mschap: Invalid NT-Password
> 
> The bit of code that generates this error checks for a length of 16
> bytes (the actual bytes) or 32 (un-prefixed hex-encoded, in which case
> it decodes it). Therefore the userPassword attribute must be something
> other than the form:
> 
> 0123456789abcdef0123456789abcdef
> 
> Your original debug log showed:
> 
> rlm_ldap: Added password (6BDC5527858B28XXXXXXXXXEFAF2323F) in check items
> 
> ...and from the looks of the rlm_ldap code those brackets '()' are part
> of the data in the LDAP server, not part of the message print out
> function.
> 
> Quite why you'd wrap an ntPassword in round brackets I don't know, but
> you'll need to remove them somehow.
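The length check described in the quoted reply, written out as an added example (this is not FreeRADIUS code and not part of the original thread). The function names and sample values are hypothetical and constructed; the only rule assumed is the one stated above: 16 raw bytes, or 32 un-prefixed hex characters.

```python
import binascii

NT_HASH_LEN = 16  # an NT hash is an MD4 digest: 16 raw bytes


def decode_nt_password(value: bytes):
    """Apply the check described above: 16 raw bytes, or 32 un-prefixed hex chars.

    Returns the 16-byte hash, or None where the value would be rejected.
    """
    if len(value) == NT_HASH_LEN:
        return value
    if len(value) == 2 * NT_HASH_LEN:
        try:
            return binascii.unhexlify(value)
        except (binascii.Error, ValueError):
            return None
    return None


def diagnose(value: bytes) -> str:
    """Classify a stored attribute value without echoing the hash itself."""
    if decode_nt_password(value) is not None:
        return "ok"
    if len(value) == 2 * NT_HASH_LEN:
        return "invalid: 32 characters but not all hex"
    inner = value[1:-1]
    wrapped = value[:1] == b"(" and value[-1:] == b")"
    if wrapped and decode_nt_password(inner) is not None:
        return "invalid: valid hash wrapped in round brackets"
    return f"invalid: length {len(value)}, expected 16 raw bytes or 32 hex characters"


# Constructed sample values, not taken from any real directory.
SAMPLES = {
    "plain hex": b"0123456789abcdef0123456789abcdef",
    "bracketed": b"(0123456789abcdef0123456789abcdef)",
    "truncated": b"0123456789abcdef",  # 16 bytes: accepted as raw, not as hex
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {diagnose(raw)}")
```

The "truncated" sample shows a side effect of the rule: any 16-byte value passes the length check as raw bytes, so a half-length hex string is accepted and only fails later at authentication time.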
