LDAP backend and Password Encryption
pheller at me.com
Mon Aug 18 16:10:05 CEST 2008
Relatively new to both freeradius and ldap here.
I'm using the Centos Directory Server, which defaults to SSHA
encryption on the userPassword attribute.
I'm using freeradius to authenticate unix logins (via
pam_radius_auth), VPN (cisco asa) logins, and router/switch vty logins.
freeradius verifies existence of the user in various ldap groups, and
based upon that logic, either proxies off to a cryptocard server for
one-time-password authentication, or authenticates directly against
the userPassword attribute value.
It would seem that freeradius does not authenticate against SSHA. I
did try a few other encryption policies (crypt, md5) and set the
password_header value appropriately.
This is with version 2.0.5.
Any help would be greatly appreciated!
More information about the Freeradius-Users