yet ANOTHER EAP-TTLS/PAP with OpenLDAP problem ...

Ivan Kalik tnt at kalik.net
Fri Mar 28 22:45:32 CET 2008


>rlm_ldap: Added User-Password = {SSHA}*SANITIZED*e2E52K+sO/SC+wvE*SANITIZED*== in check items

You have obviously ignored the warnings about storing User-Password
attribute:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Should they be more obvious? So the server translates User-Password to
Cleartext-Password and the check fails since the password is encrypted.

Configure the ldap section to use SSHA-Password as the password attribute instead.

Ivan Kalik
Kalik Informatika ISP
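
The failure described in this message, as an added example that is not part of the original post and is not FreeRADIUS code: a stored {SSHA} value compared as if it were a cleartext password never matches, while re-hashing the supplied PAP password with the stored salt does. It assumes the usual {SSHA} layout, base64(SHA1(password + salt) + salt); the function names, sample password and salt are constructed for illustration.

```python
import base64
import hashlib
import hmac

SHA1_LEN = 20  # size of a SHA-1 digest in bytes
PREFIX = "{SSHA}"


def make_ssha(password: bytes, salt: bytes) -> str:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def check_as_cleartext(stored: str, supplied: bytes) -> bool:
    """Compare the stored attribute as if it were the known-good cleartext.

    This models the situation in the thread: the {SSHA} string ends up
    being treated as a cleartext password.
    """
    return hmac.compare_digest(stored.encode("ascii"), supplied)


def check_as_ssha(stored: str, supplied: bytes) -> bool:
    """Verify a supplied password against a {SSHA} value."""
    if stored[:len(PREFIX)].upper() != PREFIX:
        return False
    try:
        raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= SHA1_LEN:  # truncated digest, or no salt present
        return False
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(supplied + salt).digest()
    return hmac.compare_digest(candidate, digest)


# Constructed sample data, not taken from the thread.
SAMPLE_PASSWORD = b"correct horse"
SAMPLE_STORED = make_ssha(SAMPLE_PASSWORD, b"\x01\x02\x03\x04")

if __name__ == "__main__":
    print("as cleartext:", check_as_cleartext(SAMPLE_STORED, SAMPLE_PASSWORD))
    print("as SSHA:     ", check_as_ssha(SAMPLE_STORED, SAMPLE_PASSWORD))
```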



