ldap passwords?

Tim Tyler tyler at beloit.edu
Mon Mar 5 23:14:17 CET 2007


  Freeradius experts,
  I am trying to configure freeradius to use openldap as a backend 
for authentication, but I can't seem to get the passwords to 
authenticate.  It seems to have no problem binding and finding the 
username (uid). I am using crypt passwords in the ldap userPassword field:
userPassword:: e1NTSEF9aXBWQklEYnZYSU9RdWl2V0ZtdGR5MWxIWFFsZWVCMjQ=

   I am not using any radius attributes.  I simply want to allow any 
uid to authenticate.  I get these results:

rad_recv: Access-Request packet from host 144.89.40.8:59881, id=60, length=59
         User-Name = "tylertj"
         User-Password = "xxxxxx"
         NAS-IP-Address = 255.255.255.255
         NAS-Port = 1812
rlm_ldap: - authorize
rlm_ldap: performing user authorization for tylertj
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to ldap.beloit.edu:389, authentication 0
rlm_ldap: setting TLS CACert File to /etc/openldap/cacerts/cacert.cer
rlm_ldap: starting TLS
rlm_ldap: bind as / to ldap.beloit.edu:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user tylertj authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
rad_recv: Access-Request packet from host 144.89.40.8:59881, id=60, length=59
Sending Access-Reject of id 60 to 144.89.40.8:59881


   What might I be doing wrong?  I presume that the ldap server 
doesn't have to store the passwords in plain text, correct?  I can 
store them in md5 or SHA1 hash if I want, correct?  I did uncomment:

authenticate {
    Auth-Type LDAP {
        ldap
    }
}

   Am I wrong to think this is now a password issue?
Tim





Tim Tyler
Network Engineer - Beloit College
tyler at beloit.edu 
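
An added example, not part of the original post and not FreeRADIUS or OpenLDAP code: decoding the base64 `userPassword::` value from the message exposes its `{SCHEME}` prefix (the posted value decodes to a string beginning with `{SSHA}`), and a salted-SHA1 comparison is then reproduced on a constructed sample. The function names, sample password and sample salt are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

# Value copied from the post's LDIF line ("::" means the value is base64-encoded).
POSTED_LDIF_VALUE = "e1NTSEF9aXBWQklEYnZYSU9RdWl2V0ZtdGR5MWxIWFFsZWVCMjQ="


def parse_user_password(ldif_b64):
    """Decode an LDIF 'userPassword::' value into (scheme, payload bytes)."""
    raw = base64.b64decode(ldif_b64, validate=True)
    m = re.match(rb"^\{([A-Za-z0-9-]+)\}(.*)$", raw, re.DOTALL)
    if m is None:
        return None, raw  # no {SCHEME} prefix on the stored value
    return m.group(1).decode("ascii").upper(), m.group(2)


def split_ssha(payload):
    """Split an {SSHA} payload into (sha1_digest, salt)."""
    blob = base64.b64decode(payload, validate=True)
    if len(blob) <= 20:
        raise ValueError("SSHA payload must hold a 20-byte digest plus a salt")
    return blob[:20], blob[20:]


def verify_ssha(ldif_b64, candidate):
    """Compare a candidate password against an {SSHA} value: SHA1(password + salt)."""
    scheme, payload = parse_user_password(ldif_b64)
    if scheme != "SSHA":
        raise ValueError(f"unsupported scheme: {scheme}")
    digest, salt = split_ssha(payload)
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)


def make_ssha(password, salt):
    """Build a constructed LDIF value for the demo (not a value from the post)."""
    inner = base64.b64encode(hashlib.sha1(password + salt).digest() + salt)
    return base64.b64encode(b"{SSHA}" + inner).decode("ascii")


if __name__ == "__main__":
    scheme, payload = parse_user_password(POSTED_LDIF_VALUE)
    print("scheme in post:", scheme, "salt bytes:", len(split_ssha(payload)[1]))
    sample = make_ssha(b"constructed-pass", b"\x01\x02\x03\x04")
    print("correct:", verify_ssha(sample, b"constructed-pass"))
    print("wrong:  ", verify_ssha(sample, b"other"))
```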