Problem when removing Auth-Type := Ldap in users file
Xu, Chun
cxu at unbsj.ca
Fri Feb 8 02:29:32 CET 2008
I have not found my way out yet. How does the ldap module in authorize section to set
Auth-Type attribute to ldap?
My initial thought is the ldap module in authorize section checks the User-Password
attribute in the incoming Access-Request message, and if the password is in clear text
then the ldap module will set the Auth-type to ldap. Am I right? Do I miss anything?
Regarding password_attribute in ldap section, I am not sure whether the ldap module in
authorize section really care about what password_attribute is when it comes to
determine whether sets Auth-type to ldap or not. Does the freeradius server utilize
password_attribute to know the attribute (or item?) which stores password on the LDAP
server?
Thanks!!!
Quoting Ivan Kalik <tnt at kalik.net>:
> password_attibute in ldap section. But your password is not clear text.
> You might need to create an entry in ldap.attrmap for SHA-Password. You
> will be able to do pap requests but not much more with the password you
> are storing.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 7/2/2008, "cxu" <cxu at unbsj.ca> pi¹e:
>
> >Thank you, Ivan! You pointed out the part that I feel confused. A dumb
> >question. How could I configure freeradius to replace User-Password in
> >config items with Cleartext-Password?
> >
> >Thanks again!
> >
> >>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> >!
> >>!!!
> >>!!! Replacing User-Password in config items with Cleartext-Password.
> >>!!!
> >>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> >!
> >>!!!
> >>!!! Please update your configuration so that the "known good"
> >>!!!
> >>!!! clear text password is in Cleartext-Password, and not in User-Password.
> >>!!!
> >>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
> >!
> >
> >-----Original Message-----
> >From: freeradius-users-bounces+cxu=unbsj.ca at lists.freeradius.org
> >[mailto:freeradius-users-bounces+cxu=unbsj.ca at lists.freeradius.org] On
> >Behalf Of Ivan Kalik
> >Sent: Thursday, February 07, 2008 4:49 PM
> >To: FreeRadius users mailing list
> >Subject: Re: Problem when removing Auth-Type := Ldap in users file
> >
> >Have you noticed some warnings about password attribute in the debug?
> >Maybe using appropriate password attribute might help ;-)
> >
> >Ivan Kalik
> >Kalik Informatika ISP
> >
> >
> >
> >-
> >List info/subscribe/unsubscribe? See
> >http://www.freeradius.org/list/users.html
> >
> >
> >-
> >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
> >
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list