ldap passwords?

tnt at kalik.co.yu tnt at kalik.co.yu
Mon Mar 5 23:51:04 CET 2007


Use Crypt-Password not User-Password.

Ivan Kalik
Kalik Informatika ISP


Dana 5/3/2007, "Tim Tyler" <tyler at beloit.edu> piše:

>  Freeradius experts,
>  I am trying to configure freeradius to use openldap as a backend
>for authentication, but I can't seem to get the passwords to
>authenticate.  It seems to have no problem binding and finding the
>username (uid). I am using crypt passwords in the ldap userPassword field:
>userPassword:: e1NTSEF9aXBWQklEYnZYSU9RdWl2V0ZtdGR5MWxIWFFsZWVCMjQ=
>
>   I am not using any radius attributes.  I simply want to allow any
>uid to authenticate.  I get these results:
>
>rad_recv: Access-Request packet from host 144.89.40.8:59881, id=60, length=59
>         User-Name = "tylertj"
>         User-Password = "xxxxxx"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1812
>rlm_ldap: - authorize
>rlm_ldap: performing user authorization for tylertj
>rlm_ldap: ldap_get_conn: Checking Id: 0
>rlm_ldap: ldap_get_conn: Got Id: 0
>rlm_ldap: (re)connect to ldap.beloit.edu:389, authentication 0
>rlm_ldap: setting TLS CACert File to /etc/openldap/cacerts/cacert.cer
>rlm_ldap: starting TLS
>rlm_ldap: bind as / to ldap.beloit.edu:389
>rlm_ldap: waiting for bind result ...
>rlm_ldap: Bind was successful
>rlm_ldap: looking for check items in directory...
>rlm_ldap: looking for reply items in directory...
>rlm_ldap: user tylertj authorized to use remote access
>rlm_ldap: ldap_release_conn: Release Id: 0
>rad_recv: Access-Request packet from host 144.89.40.8:59881, id=60, length=59
>Sending Access-Reject of id 60 to 144.89.40.8:59881
>
>
>   What might I be doing wrong?  I presume that the ldap server
>doesn't  have to store the passwords in plain text, correct?  I can
>store them in md5 or SHA1 hash if I want, correct?  I did uncomment:
>
>authenticate {
>    Auth-Type LDAP {
>       ldap
>    }
>
>   Am I wrong to think this is now a password issue?
>Tim
>
>
>
>
>
>Tim Tyler
>Network Engineer - Beloit College
>tyler at beloit.edu
>




More information about the Freeradius-Users mailing list