freeradius with multiple ldap servers
Ivan Kalik
tnt at kalik.net
Fri Jul 4 10:56:42 CEST 2008
> Problem still persists. What do you mean by the {crypt} header.
From RFC2256:
5.36. userPassword
( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
Passwords are stored using an Octet String syntax and are not
encrypted.
Since you are intent on violating the RFC, you need to add a password header
to indicate what type of encryption is used.
>rlm_ldap: waiting for bind result ...
>rlm_ldap: Bind failed with invalid credentials
>++[ldap1] returns reject
>auth: Failed to validate the user.
Without the header userPassword is treated as clear text (not crypted
value) and that doesn't match.
Ivan Kalik
Kalik Informatika ISP
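
An added illustration, not part of the original message and not FreeRADIUS or LDAP server code: how a scheme header on userPassword selects the comparison, and why a hash stored without one is compared as clear text and fails. It uses {SSHA} in place of {crypt} so that it runs on Python's standard library alone; the function names and sample values are constructed for this example.

```python
import base64
import hashlib
import hmac
import re

# RFC 2307-style scheme header, e.g. {crypt}, {SHA}, {SSHA}
_HEADER = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)
# Modular crypt(3) output such as $1$salt$hash (heuristic, shape only)
_MCF = re.compile(r"^\$[0-9a-z]+\$(?:[^$]+\$)+[./A-Za-z0-9]+$")


def split_scheme(stored):
    """Return (scheme, value); scheme is None when there is no header."""
    m = _HEADER.match(stored)
    return (m.group(1).upper(), m.group(2)) if m else (None, stored)


def make_ssha(password, salt):
    """Build {SSHA}base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify(stored, presented):
    """Compare a presented password with a stored userPassword value."""
    scheme, value = split_scheme(stored)
    if scheme is None:
        # No header: the stored octets are taken to be the password itself.
        return hmac.compare_digest(value.encode(), presented.encode())
    if scheme == "SSHA":
        raw = base64.b64decode(value)
        digest, salt = raw[:20], raw[20:]
        again = hashlib.sha1(presented.encode() + salt).digest()
        return hmac.compare_digest(digest, again)
    raise ValueError("scheme {%s} is not handled in this sketch" % scheme)


def hash_missing_header(stored):
    """Flag a value that looks like crypt(3) output but has no header."""
    scheme, value = split_scheme(stored)
    return scheme is None and bool(_MCF.match(value))


# Constructed sample values, not taken from the thread.
WITH_HEADER = make_ssha("secret", b"constructed-salt")
WITHOUT_HEADER = WITH_HEADER[len("{SSHA}"):]
BARE_CRYPT = "$1$abcdefgh$0123456789abcdefghijk."  # shape only, not a real hash
```

`hash_missing_header` can be run over exported userPassword values to find entries that need a header added.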