how to enable ldap during authentication
Tomasz Zieleniewski
tzieleniewski at gmail.com
Thu Jan 24 16:23:29 CET 2008
On Jan 24, 2008 9:59 AM, Alan DeKok <aland at deployingradius.com> wrote:
> Tomasz Zieleniewski wrote:
> > Still something is wrong.
> >
> > I have the following authorize section:
> ...
>
> In which the default configuration has been massively changed.
>
> I'm not sure where else to document this: If you are not clear on how
> the server works, then DO NOT CHANGE THE DEFAULT CONFIGURATION.
>
> If the configuration you've created doesn't work, then it's clear that
> there's something missing. In that case, follow the instructions in the
> "man" page for how to create a working configuration.
> ...
> > Thu Jan 24 09:40:35 2008 : Debug: ++[ldap] returns ok
> > Thu Jan 24 09:40:35 2008 : Debug: auth: type Local
>
> Something in your local changes has set "Auth-Type := Local".
I didn't set it explicitly. I don't know what caused setting Auth-Type to
Local!!!!!!
But I found my error. The problem was in ldap.
I didn't have Auth-Type set in radius and I used an old config from the docs
directory which didn't have the set_auth_type parameter.
>
>
> Can you please explain WHY you're doing that, WHERE you found
> documentation saying that it was a good idea, and WHAT you think it's
> doing?
>
> The documentation that comes with 2.0 tries very hard to explain that
> setting "Auth-Type" is almost always wrong. Is there somewhere else we
> need to document this?
>
> In addition, you're mapping a hashed password to a clear-text password:
>
> > Thu Jan 24 09:40:35 2008 : Debug: rlm_ldap: LDAP attribute
> userPassword as RADIUS attribute Cleartext-Password ==
> "{MD5}SNNMxdM+Zfvr//0yEp0DuA=="
>
> Again, this is NOT in the default configuration, and WILL NOT WORK.
Similar problem: my LDAP server returns hashed passwords instead of plain-text.
I added an additional parameter in LDAP which solved the issue.
>
>
> Start off with the default configuration. Configure the "ldap"
> module, and un-comment it from the "authorize" section. Your tests
> SHOULD work.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
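
Added example, not part of the original message and not FreeRADIUS code: a Python sketch of why a `{MD5}...` userPassword value cannot be compared as Cleartext-Password, and how the scheme header selects the matching FreeRADIUS password attribute instead. The function names and the sample password are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import hmac

# RFC 2307-style header -> (RADIUS attribute, hashlib algorithm, digest length, salted?)
SCHEMES = {
    "MD5": ("MD5-Password", "md5", 16, False),
    "SMD5": ("SMD5-Password", "md5", 16, True),
    "SHA": ("SHA-Password", "sha1", 20, False),
    "SSHA": ("SSHA-Password", "sha1", 20, True),
}

def classify(user_password):
    """Return (radius_attribute, scheme, raw_bytes) for an LDAP userPassword value."""
    if user_password.startswith("{") and "}" in user_password:
        scheme, _, body = user_password[1:].partition("}")
        scheme = scheme.upper()
        if scheme not in SCHEMES:
            return None, scheme, None  # header present, scheme not handled in this sketch
        try:
            return SCHEMES[scheme][0], scheme, base64.b64decode(body, validate=True)
        except binascii.Error:
            return None, scheme, None  # malformed base64 body
    return "Cleartext-Password", None, user_password.encode()

def verify(user_password, candidate):
    """Check the password a user typed (PAP) against the stored LDAP value."""
    attr, scheme, raw = classify(user_password)
    if attr is None:
        return False
    if scheme is None:  # genuinely clear-text value
        return hmac.compare_digest(raw, candidate.encode())
    _, algo, dlen, salted = SCHEMES[scheme]
    digest, salt = raw[:dlen], raw[dlen:]
    # Reject truncated digests, trailing bytes on unsalted schemes, and missing salts.
    if len(digest) != dlen or bool(salt) != salted:
        return False
    calc = hashlib.new(algo, candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, calc)

if __name__ == "__main__":
    # Constructed sample: {MD5} value for the made-up password "example-pass".
    stored = "{MD5}" + base64.b64encode(hashlib.md5(b"example-pass").digest()).decode()
    print(classify(stored)[0])             # MD5-Password
    print(stored == "example-pass")        # False: what a clear-text mapping compares
    print(verify(stored, "example-pass"))  # True once the header is honoured
```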