Problem when removing Auth-Type := Ldap in users file

Xu, Chun cxu at unbsj.ca
Fri Feb 8 02:29:32 CET 2008


I have not found my way out yet.  How does the ldap module in authorize section to set
Auth-Type attribute to ldap?

My initial thought is the ldap module in authorize section checks the User-Password
attribute in the incoming Access-Request message, and if the password is in clear text
then the ldap module will set the Auth-type to ldap.  Am I right? Do I miss anything? 


Regarding password_attribute in ldap section, I am not sure whether the ldap module in
authorize section really care about what password_attribute is when it comes to
determine whether sets Auth-type to ldap or not.  Does the freeradius server utilize
password_attribute to know the attribute (or item?) which stores password on the LDAP
server? 

Thanks!!!


Quoting Ivan Kalik <tnt at kalik.net>:

> password_attibute in ldap section. But your password is not clear text.
> You might need to create an entry in ldap.attrmap for SHA-Password. You
> will be able to do pap requests but not much more with the password you
> are storing.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> 
> Dana 7/2/2008, "cxu" <cxu at unbsj.ca> pi¹e:
> 
> >Thank you, Ivan!  You pointed out the part that I feel confused.  A dumb
> >question.  How could I configure freeradius to replace User-Password in
> >config items with Cleartext-Password?
> >
> >Thanks again!
> >
> >>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> >!
> >>!!!
> >>!!!    Replacing User-Password in config items with Cleartext-Password.
> >>!!!
> >>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> >!
> >>!!!
> >>!!! Please update your configuration so that the "known good"
> >>!!!
> >>!!! clear text password is in Cleartext-Password, and not in User-Password.
> >>!!!
> >>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> >!
> >
> >-----Original Message-----
> >From: freeradius-users-bounces+cxu=unbsj.ca at lists.freeradius.org
> >[mailto:freeradius-users-bounces+cxu=unbsj.ca at lists.freeradius.org] On
> >Behalf Of Ivan Kalik
> >Sent: Thursday, February 07, 2008 4:49 PM
> >To: FreeRadius users mailing list
> >Subject: Re: Problem when removing Auth-Type := Ldap in users file
> >
> >Have you noticed some warnings about password attribute in the debug?
> >Maybe using appropriate password attribute might help ;-)
> >
> >Ivan Kalik
> >Kalik Informatika ISP
> >
> >
> >
> >-
> >List info/subscribe/unsubscribe? See
> >http://www.freeradius.org/list/users.html
> >
> >
> >-
> >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
> >
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 
> 






More information about the Freeradius-Users mailing list