freeradius with multiple ldap servers
Sambuddho Chakravarty
sc2516 at columbia.edu
Sun Jul 6 00:03:50 CEST 2008
Hello Ivan
Does that mean that I cannot authenticate against an LDAP server from a
freeradius server using cleartext passwords? So the freeradius client
needs to send the password in encrypted format. But other programs which
use an LDAP server to authenticate (e.g. pam_ldap) take as input the
cleartext password. Is there a solution to this? Maybe I am mistaken
somewhere. Please let me know.
Thanks
Sambuddho
On Fri, 2008-07-04 at 09:56 +0100, Ivan Kalik wrote:
> > Problem still persists. What do you mean by the {crypt} header.
>
> From RFC2256:
>
> 5.36. userPassword
>
> ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
> SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
>
> Passwords are stored using an Octet String syntax and are not
> encrypted.
>
> Since you are intent on violating the RFC you need to add a password header
> to indicate what type of encryption is used.
>
> >rlm_ldap: waiting for bind result ...
> >rlm_ldap: Bind failed with invalid credentials
> >++[ldap1] returns reject
> >auth: Failed to validate the user.
>
> Without the header userPassword is treated as clear text (not crypted
> value) and that doesn't match.
>
> Ivan Kalik
> Kalik Informatika ISP
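Added example (not part of the original thread, and not FreeRADIUS code): a simplified model of the comparison Ivan describes, where the submitted password is always cleartext and the {scheme} header on the stored userPassword decides how it is checked. It uses {SSHA} because Python's hashlib covers it; {crypt} dispatches the same way through the system crypt(3). The function names and sample values are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import re

# RFC 2307 style prefix: "{scheme}" followed by the encoded value.
_HEADER = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)


def split_header(stored: str):
    """Return (scheme, body); scheme is None when no {header} is present."""
    m = _HEADER.match(stored)
    if m is None:
        return None, stored
    return m.group(1).lower(), m.group(2)


def make_ssha(password: str, salt: bytes) -> str:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def check_password(submitted: str, stored: str) -> bool:
    """Compare a submitted cleartext password with a stored userPassword."""
    scheme, body = split_header(stored)
    if scheme is None:
        # No header: the stored octets are taken to be the password itself.
        return hmac.compare_digest(submitted.encode(), body.encode())
    if scheme == "ssha":
        raw = base64.b64decode(body)
        digest, salt = raw[:20], raw[20:]
        candidate = hashlib.sha1(submitted.encode() + salt).digest()
        return hmac.compare_digest(candidate, digest)
    raise ValueError(f"unsupported scheme: {scheme}")


# Constructed sample values, not taken from the thread.
SALT = b"\x01\x02\x03\x04"
WITH_HEADER = make_ssha("testing123", SALT)
WITHOUT_HEADER = WITH_HEADER[len("{SSHA}"):]  # same hash, header stripped

if __name__ == "__main__":
    print(check_password("testing123", WITH_HEADER))     # hash is recomputed
    print(check_password("testing123", WITHOUT_HEADER))  # compared as cleartext
    print(check_password("testing123", "testing123"))    # true cleartext entry
```

The same submitted password is accepted or rejected depending only on whether the stored hash carries its header.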