how to enable ldap during authentication

Alan DeKok aland at deployingradius.com
Thu Jan 24 09:59:33 CET 2008


Tomasz Zieleniewski wrote:
> Still something is wrong.
> 
> I have the following authorize section:
...

  In which the default configuration has been massively changed.

  I'm not sure where else to document this: If you are not clear on how
the server works, then DO NOT CHANGE THE DEFAULT CONFIGURATION.

  If the configuration you've created doesn't work, then it's clear that
there's something missing.  In that case, follow the instructions in the
"man" page for how to create a working configuration.
...
> Thu Jan 24 09:40:35 2008 : Debug: ++[ldap] returns ok
> Thu Jan 24 09:40:35 2008 : Debug: auth: type Local

  Something in your local changes has set "Auth-Type := Local".

  Can you please explain WHY you're doing that, WHERE you found
documentation saying that it was a good idea, and WHAT you think it's doing?

  The documentation that comes with 2.0 tries very hard to explain that
setting "Auth-Type" is almost always wrong.  Is there somewhere else we
need to document this?

  In addition, you're mapping a hashed password to a clear-text password:

> Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: LDAP attribute userPassword as RADIUS attribute Cleartext-Password == "{MD5}SNNMxdM+Zfvr//0yEp0DuA=="

  Again, this is NOT in the default configuration, and WILL NOT WORK.

  Start off with the default configuration.   Configure the "ldap"
module, and un-comment it from the "authorize" section.  Your tests
SHOULD work.

  Alan DeKok.
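
Added example (not part of the original post, and not FreeRADIUS code): a Python sketch of why the mapping shown in the debug line cannot match. A value with a `{MD5}` header is the base64 of a digest, so comparing it as a clear-text password never succeeds, while a header-aware check does. The function names and the sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample: a userPassword value in the same "{MD5}<base64>" form
# as the one in the debug output, built from a made-up password.
PASSWORD = "constructed-test-password"
STORED = "{MD5}" + base64.b64encode(hashlib.md5(PASSWORD.encode()).digest()).decode()


def split_scheme(stored):
    """Split a userPassword value into (scheme, body); scheme is None without a {HEADER}."""
    if stored.startswith("{") and "}" in stored:
        scheme, body = stored[1:].split("}", 1)
        return scheme.upper(), body
    return None, stored


def check_as_cleartext(stored, supplied):
    """The broken mapping: the whole stored value is treated as the clear-text password."""
    return hmac.compare_digest(stored.encode(), supplied.encode())


def check_with_header(stored, supplied):
    """Header-aware check: hash the supplied password the way the header says."""
    scheme, body = split_scheme(stored)
    if scheme is None:
        return hmac.compare_digest(body.encode(), supplied.encode())
    if scheme == "MD5":
        try:
            digest = base64.b64decode(body, validate=True)
        except ValueError:
            return False  # malformed base64 can never match
        return hmac.compare_digest(digest, hashlib.md5(supplied.encode()).digest())
    raise ValueError("unsupported scheme: " + scheme)


if __name__ == "__main__":
    print("treated as clear text:", check_as_cleartext(STORED, PASSWORD))
    print("header-aware check:   ", check_with_header(STORED, PASSWORD))
```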


