Help connecting to remote ldap server

John Dennis jdennis at redhat.com
Thu Jun 24 18:33:10 CEST 2010


On 06/24/2010 12:21 PM, Raymond Norton wrote:

> [ldap] looking for reply items in directory...
> WARNING: No "known good" password was found in LDAP.  Are you sure that
> the user is configured correctly?

You don't have the userPassword mapped in /etc/raddb/ldap.attrmap

But even if you did, ldap has this:

userPassword:: e1NIQX13ak83dXhlS3FYR0NFVlhPTEVzVUo4OW9DWFE9

and the request has this:

User-Password = "password"

They aren't the same, are they? The LDAP entry looks like a hash, you'll 
have to figure out which kind. Note it does not contain a {hash} prefix 
so FreeRADIUS can't figure out what kind of hash it is. You'll have to force 
that with the right radius attribute for userPassword in ldap.attrmap.

But you better look at this:

http://deployingradius.com/documents/protocols/compatibility.html

and understand the consequences.

-- 
John Dennis <jdennis at redhat.com>
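
Added example, not part of the original post: LDIF marks a base64-encoded value with `::`, so a `{scheme}` prefix can only be checked after decoding. This Python code decodes the `userPassword` line quoted above, reports the scheme, and tests a candidate password against it; the function names are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import re

# Value copied from the post's LDIF line; "::" in LDIF means base64 follows.
LDIF_LINE = "userPassword:: e1NIQX13ak83dXhlS3FYR0NFVlhPTEVzVUo4OW9DWFE9"

# scheme -> (hashlib name, digest size in bytes, salted?)
SCHEMES = {"SHA": ("sha1", 20, False), "SSHA": ("sha1", 20, True),
           "MD5": ("md5", 16, False), "SMD5": ("md5", 16, True)}

def ldif_value(line):
    """Return the raw attribute value bytes from one LDIF line."""
    attr, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("not an attribute line")
    if rest.startswith(":"):               # "attr:: <base64>"
        return base64.b64decode(rest[1:].strip(), validate=True)
    return rest.strip().encode()           # "attr: <plain>"

def split_scheme(value):
    """Split b'{SCHEME}payload' into (SCHEME, payload); scheme is None if absent."""
    m = re.match(rb"\{([A-Za-z0-9-]+)\}(.*)\Z", value, re.S)
    if not m:
        return None, value
    return m.group(1).decode().upper(), m.group(2)

def verify(value, candidate):
    """Check a candidate password against a stored userPassword value."""
    scheme, payload = split_scheme(value)
    if scheme is None:                     # no prefix: compare as cleartext
        return hmac.compare_digest(value, candidate.encode())
    if scheme not in SCHEMES:
        raise ValueError(f"unsupported scheme {scheme}")
    algo, size, salted = SCHEMES[scheme]
    raw = base64.b64decode(payload, validate=True)
    digest, salt = raw[:size], raw[size:]  # salted schemes append the salt
    if len(digest) != size or (salt and not salted):
        raise ValueError("malformed hash payload")
    calc = hashlib.new(algo, candidate.encode() + salt).digest()
    return hmac.compare_digest(calc, digest)  # constant-time comparison

if __name__ == "__main__":
    stored = ldif_value(LDIF_LINE)
    print(split_scheme(stored)[0], verify(stored, "password"))
```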



