Freeradius and OpenLDAP authentication with hashed passwords
Alan DeKok
aland at deployingradius.com
Mon Mar 31 13:34:56 CEST 2008
mel wrote:
> I've managed to setup FreeRadius with OpenLDAP. The passwords however,
> are hashed (e.g. "{SHA}....") in LDAP. Authenticating directly to LDAP
> works, but it failed with Freeradius.
What does that mean?
> If the password is in plain-text,
> authentication is successful.
Well, yes. See:
http://deployingradius.com/documents/protocols/compatibility.html
Some authentication methods are not compatible with SHA'd passwords.
> What are the setting in FR that I need to do in order for the
> authentication to work? - i.e. FR takes the plain-text password, hash
> it, then compared it with the one in LDAP.
FreeRADIUS does that automatically... IF it receives a password in the
Access-Request. If it doesn't receive a password in the Access-Request,
what you want to do is impossible.
See the web page for more explanations.
Alan DeKok.
More information about the Freeradius-Users
mailing list