1.1.7, ldap and auth-type
Ivan Lago
ivan.lago at ifom-ieo-campus.it
Mon Aug 27 15:50:36 CEST 2007
Thanks, i removed the password_attribute and it worked.
Anyway i did it because my LDAP directory do not have a password
attribute for computer entries, so i wanted to check the mac-address
for both user-name and password. Than i didn't go on with this for
various reasons (i should have rewritten User-Password too, but this
could interfere if a user try to authenticate with a password that
casually match the regexp for a mac-address...), and i resorted to
authenticate with always_ok if the auth_type is macbypass (i do not
expect to have crafted requests in my network anyway...), but that
remained in the config file since it never gave problems before 1.1.7
Anyway if you have a better suggestion i am always ready to learn
On Aug 27, 2007, at 3:28 PM, Phil Mayers wrote:
>
> 2. Since it's wrong anyway (00:11:22:33:44:55 != 001122334455),
> either
> remove the plaintext password from the LDAP directory or remove the
> "password_attribute" config item from the module instance.
>
> Why *are* you copying a "wrong" password from LDAP to the config
> items?
> How is the LDAP server authenticating them?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070827/7f351e6f/attachment.html>
More information about the Freeradius-Users
mailing list