ldap passwords?
tnt at kalik.co.yu
tnt at kalik.co.yu
Tue Mar 6 18:19:22 CET 2007
You need to change password_radius_attribute to Crypt-Password. It
defaults to clear password type (User-Password).
Ivan Kalik
Kalik Informatika ISP
Dana 6/3/2007, "Tim Tyler" <tyler at beloit.edu> piše:
>Ivan,
> Sorry to bother you again. Where should I
>apply the Crypt-Password? Should I apply it in
>radiusd.conf or in the ldap.attrmap file?
> What line were you referring to?
> My ldap database stores the password in
>userPassword field. I assume that I should
>keep password_attribute = userPassword in the radiusd.conf file, correct?
>Tim
>
>At 04:51 PM 3/5/2007, you wrote:
>>Use Crypt-Password not User-Password.
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>
>>Dana 5/3/2007, "Tim Tyler" <tyler at beloit.edu> piše:
>>
>> > Freeradius experts,
>> > I am trying to configure freeradius to use openldap as a backend
>> >for authentication, but I can't seem to get the passwords to
>> >authenticate. It seems to have no problem binding and finding the
>> >username (uid). I am using crypt passwords in the ldap userPassword field:
>> >userPassword:: e1NTSEF9aXBWQklEYnZYSU9RdWl2V0ZtdGR5MWxIWFFsZWVCMjQ=
>> >
>> > I am not using any radius attributes. I simply want to allow any
>> >uid to authenticate. I get these results:
>> >
>> >rad_recv: Access-Request packet from host
>> 144.89.40.8:59881, id=60, length=59
>> > User-Name = "tylertj"
>> > User-Password = "xxxxxx"
>> > NAS-IP-Address = 255.255.255.255
>> > NAS-Port = 1812
>> >rlm_ldap: - authorize
>> >rlm_ldap: performing user authorization for tylertj
>> >rlm_ldap: ldap_get_conn: Checking Id: 0
>> >rlm_ldap: ldap_get_conn: Got Id: 0
>> >rlm_ldap: (re)connect to ldap.beloit.edu:389, authentication 0
>> >rlm_ldap: setting TLS CACert File to /etc/openldap/cacerts/cacert.cer
>> >rlm_ldap: starting TLS
>> >rlm_ldap: bind as / to ldap.beloit.edu:389
>> >rlm_ldap: waiting for bind result ...
>> >rlm_ldap: Bind was successful
>> >rlm_ldap: looking for check items in directory...
>> >rlm_ldap: looking for reply items in directory...
>> >rlm_ldap: user tylertj authorized to use remote access
>> >rlm_ldap: ldap_release_conn: Release Id: 0
>> >rad_recv: Access-Request packet from host
>> 144.89.40.8:59881, id=60, length=59
>> >Sending Access-Reject of id 60 to 144.89.40.8:59881
>> >
>> >
>> > What might I be doing wrong? I presume that the ldap server
>> >doesn't have to store the passwords in plain text, correct? I can
>> >store them in md5 or SHA1 hash if I want, correct? I did uncomment:
>> >
>> >authenticate {
>> > Auth-Type LDAP {
>> > ldap
>> > }
>> >
>> > Am I wrong to think this is now a password issue?
>> >Tim
>> >
>> >
>> >
>> >
>> >
>> >Tim Tyler
>> >Network Engineer - Beloit College
>> >tyler at beloit.edu
>> >
>>
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>Tim Tyler
>Network Engineer - Beloit College
>tyler at beloit.edu
>
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list