ldap question

Craig White craigwhite at azapple.com
Wed Dec 10 18:37:15 CET 2008


still a few issues so I upgraded to 2.1.1 and in debug mode (and I have
enabled ldap), I see this...

[ldap] checking if remote access for $SOME_USER is allowed by uid
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x...
rlm_ldap: sambaLmPassword -> LM-Password == 0x...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that
the user is configured correctly?
[ldap] user $SOME_USER authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP

should I just disable pap? (I can't think of anything that I need to use
it for) OR...

considering that the LDAP 'userPassword' is essentially the same
password that is contained in sambaNTPassword and sambaLMPassword, do I
just somehow enable
#       password_attribute = "userPassword"
as it talks about in rlm_ldap doc file?

Craig




More information about the Freeradius-Users mailing list