No "known good" password was found in LDAP
Phil Mayers
p.mayers at imperial.ac.uk
Thu Jul 22 21:56:49 CEST 2010
On 07/22/2010 08:26 PM, newtownz wrote:
> The password stored in eDirectory is valid.
>
> My understanding of eDirectory is that it will never let you see the actual
> password
> of a user, it will hash it first. Is this behavior of freeradius normal?
There is eDirectory support in the rlm_ldap module which (I belive) does
a "special" query to get a the "universal password); see the docs for
rlm_ldap.
But you (or rather the FreeRadius bind DN) *will* need permissions to
read the plaintext password or you're stuck. You need that password or
the NT/LM hash to do PEAP/MS-CHAP.
>
> Later in the process the user is rejected because no Auth-Type was found,
> is this related?
Yes.
More information about the Freeradius-Users
mailing list