ldap passwords?
Eshun Benjamin
bkeshun at yahoo.fr
Wed Mar 7 08:42:42 CET 2007
Hello,
Sorry to bother you again. Where should I
apply the Crypt-Password? Should I apply it in
radiusd.conf or in the ldap.attrmap file?
Do the changes in ldap.attrmap
CheckItem Crypt-Password userPassword
CheckItem User-Password userPassword
==================================================
Benjamin K. Eshun
----- Original Message ----
From: Tim Tyler <tyler at beloit.edu>
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Sent: Tuesday, 6 March 2007, 17:45:42
Subject: Re: ldap passwords?
Ivan,
Sorry to bother you again. Where should I
apply the Crypt-Password? Should I apply it in
radiusd.conf or in the ldap.attrmap file?
What line were you referring to?
My ldap database stores the password in
userPassword field. I assume that I should
keep password_attribute = userPassword in the radiusd.conf file, correct?
Tim
At 04:51 PM 3/5/2007, you wrote:
>Use Crypt-Password not User-Password.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>On 5/3/2007, "Tim Tyler" <tyler at beloit.edu> wrote:
>
> > Freeradius experts,
> > I am trying to configure freeradius to use openldap as a backend
> >for authentication, but I can't seem to get the passwords to
> >authenticate. It seems to have no problem binding and finding the
> >username (uid). I am using crypt passwords in the ldap userPassword field:
> >userPassword:: e1NTSEF9aXBWQklEYnZYSU9RdWl2V0ZtdGR5MWxIWFFsZWVCMjQ=
> >
> > I am not using any radius attributes. I simply want to allow any
> >uid to authenticate. I get these results:
> >
> >rad_recv: Access-Request packet from host 144.89.40.8:59881, id=60, length=59
> > User-Name = "tylertj"
> > User-Password = "xxxxxx"
> > NAS-IP-Address = 255.255.255.255
> > NAS-Port = 1812
> >rlm_ldap: - authorize
> >rlm_ldap: performing user authorization for tylertj
> >rlm_ldap: ldap_get_conn: Checking Id: 0
> >rlm_ldap: ldap_get_conn: Got Id: 0
> >rlm_ldap: (re)connect to ldap.beloit.edu:389, authentication 0
> >rlm_ldap: setting TLS CACert File to /etc/openldap/cacerts/cacert.cer
> >rlm_ldap: starting TLS
> >rlm_ldap: bind as / to ldap.beloit.edu:389
> >rlm_ldap: waiting for bind result ...
> >rlm_ldap: Bind was successful
> >rlm_ldap: looking for check items in directory...
> >rlm_ldap: looking for reply items in directory...
> >rlm_ldap: user tylertj authorized to use remote access
> >rlm_ldap: ldap_release_conn: Release Id: 0
> >rad_recv: Access-Request packet from host 144.89.40.8:59881, id=60, length=59
> >Sending Access-Reject of id 60 to 144.89.40.8:59881
> >
> >
> > What might I be doing wrong? I presume that the ldap server
> >doesn't have to store the passwords in plain text, correct? I can
> >store them in md5 or SHA1 hash if I want, correct? I did uncomment:
> >
> >authenticate {
> > Auth-Type LDAP {
> > ldap
> > }
> >
> > Am I wrong to think this is now a password issue?
> >Tim
> >
> >
> >
> >
> >
> >Tim Tyler
> >Network Engineer - Beloit College
> >tyler at beloit.edu
> >
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Tim Tyler
Network Engineer - Beloit College
tyler at beloit.edu
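
Added example (not part of the original thread, and not FreeRADIUS or OpenLDAP code): the check attribute has to match the scheme the directory actually stores, so this Python code decodes the `userPassword::` value quoted above to read its `{SCHEME}` prefix and verifies a candidate password against a salted SHA-1 body. The function names and the `example-pass` sample are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Value quoted in the message above (LDIF "::" means base64 of the stored string).
PAGE_LINE = "userPassword:: e1NTSEF9aXBWQklEYnZYSU9RdWl2V0ZtdGR5MWxIWFFsZWVCMjQ="

# hashlib name and digest size for the OpenLDAP hash schemes handled here.
DIGESTS = {"SHA": ("sha1", 20), "SSHA": ("sha1", 20),
           "MD5": ("md5", 16), "SMD5": ("md5", 16)}


def parse_user_password(ldif_line):
    """Return (scheme, body) for one LDIF userPassword line."""
    name, sep, value = ldif_line.partition(":")
    if not sep or name.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if value.startswith(":"):          # "::" form, base64-encoded by LDIF
        stored = base64.b64decode(value[1:].strip()).decode("ascii")
    else:                              # ":" form, stored string as-is
        stored = value.strip()
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)$", stored)
    # No {SCHEME} prefix means the directory holds the password unhashed.
    return (m.group(1).upper(), m.group(2)) if m else ("CLEARTEXT", stored)


def split_hash(scheme, body):
    """Split a SHA/SSHA/MD5/SMD5 body into (digest, salt)."""
    _, size = DIGESTS[scheme]
    raw = base64.b64decode(body)
    if len(raw) < size:
        raise ValueError("body shorter than the digest")
    return raw[:size], raw[size:]


def verify(scheme, body, password):
    """True if password matches; the salt, if any, is appended before hashing."""
    digest, salt = split_hash(scheme, body)
    calc = hashlib.new(DIGESTS[scheme][0], password.encode() + salt).digest()
    return hmac.compare_digest(calc, digest)


if __name__ == "__main__":
    scheme, body = parse_user_password(PAGE_LINE)
    print(scheme, "salt bytes:", len(split_hash(scheme, body)[1]))
    # Constructed sample: SSHA of "example-pass" with the salt b"salt".
    raw = hashlib.sha1(b"example-pass" + b"salt").digest() + b"salt"
    print(verify("SSHA", base64.b64encode(raw).decode(), "example-pass"))
```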