LDAP backend and Password Encryption

Phillip Heller pheller at me.com
Mon Aug 18 16:10:05 CEST 2008


   Relatively new to both freeradius and ldap here.

I'm using the Centos Directory Server, which defaults to SSHA  
encryption on the userPassword attribute.

I'm using freeradius to authenticate unix logins (via  
pam_radius_auth), VPN (cisco asa) logins, and router/switch vty logins.

freeradius verifies existence of the user in various ldap groups, and  
based upon that logic, either proxies off to a cryptocard server for  
one-time-password authentication, or authenticates directly against  
the userPassword attribute value.

It would seem that freeradius does not authenticate against SSHA.  I  
did try a few other encryption policies (crypt, md5) and set the  
password_header value appropriately.

This is with version 2.0.5.

Any help would be greatly appreciated!



More information about the Freeradius-Users mailing list