AW: AW: AW: AW: AW: Freeradius + LDAP password trouble

John Dennis jdennis at redhat.com
Mon Jul 19 16:18:29 CEST 2010


On 07/19/2010 10:13 AM, Lionne Stangier wrote:
>> Is there a double colon (::) after the userPassword attribute name in
>> the ldapsearch result? (e.g. userPassword:: xxxxxxxxxxxxxxxxx). If so
>> that means the attribute value was binary (had some non-ascii printing
>> character in it) so it was base64 encoded. This is a bit obscure, I
>> got tripped up by it recently too :-) Try base64 decoding the
>> value. I bet it'll look like {hash}xxxxxxxxxxxx where hash is one of
>> sha1, md5, etc. and xxxxxxxxxxx is the hash digest of the password.
>> FWIW it's not unusual when hashing to a digest to end up with a
>> non-ascii character (thus triggering the base64 encoding).
>
>
> Yes, the password is like you describe. I tested different forms in the ldap.attrmap now. Same trouble as before.
>
> We only load the schema on LDAP. Are there some different important settings?

Have a look at:

http://deployingradius.com/documents/protocols/compatibility.html

and how your passwords are stored (and hashed); that will tell you what
will work. The only password type that works with everything is
cleartext, which has its own issues. So you've got some decisions to make.


-- 
John Dennis <jdennis at redhat.com>
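
The check described in the quoted reply (a `::` after `userPassword` means the value is base64 encoded, and decoding it reveals the `{hash}` prefix), as an added example that is not part of the original message. The LDIF sample, users, salt and passwords are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import re

SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9_-]+)\}")  # leading {scheme} header

def unfold(ldif_text):
    """Join LDIF continuation lines (a leading single space continues the previous line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def decode_value(rest):
    if rest.startswith(":"):  # "attr:: x" means x is base64; "attr: x" is the literal value
        return base64.b64decode(rest[1:].strip()), True
    return rest.strip().encode(), False

def password_schemes(ldif_text):
    """Return (dn, was_base64, scheme) per userPassword; the secret itself is not returned."""
    results, dn = [], None
    for line in unfold(ldif_text):
        name, sep, rest = line.partition(":")
        if not sep or name.lower() not in ("dn", "userpassword"):
            continue
        value, was_b64 = decode_value(rest)
        if name.lower() == "dn":
            dn = value.decode("utf-8", "replace")
        else:
            m = SCHEME_RE.match(value)
            results.append((dn, was_b64, m.group(1).decode().upper() if m else None))
    return results

def build_sample():
    """Constructed ldapsearch-style output; users, salt and passwords are made up."""
    salt = b"\x8f\x01\xfe\x10"
    ssha = b"{SSHA}" + base64.b64encode(hashlib.sha1(b"example-pw" + salt).digest() + salt)
    b64 = base64.b64encode(ssha).decode()
    return ("dn: uid=alice,ou=people,dc=example,dc=org\n"
            "userPassword:: " + b64[:40] + "\n " + b64[40:] + "\n\n"
            "dn: uid=bob,ou=people,dc=example,dc=org\n"
            "userPassword: plaintext-example\n\n"
            "dn: uid=carol,ou=people,dc=example,dc=org\n"
            "userPassword: {crypt}constructed-not-a-real-hash\n")

if __name__ == "__main__":
    print(*password_schemes(build_sample()), sep="\n")
```

A scheme of `None` means the value carries no `{scheme}` header; the scheme reported for each entry is what to look up on the compatibility page linked in the message.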
