LDAP Data Mangling

Alan DeKok aland at deployingradius.com
Thu Sep 9 12:19:25 CEST 2010

Kevin Ehlers wrote:
> I found a solution that works in the mean-time by writing a perl module.
>  I'm using the perl module during the authorize section in the
> inner-tunnel virtual server.  What it does is query ldap, and get the
> nt-password attribute from our ldap server.  It then does a $nt-password
> =~ /^{nthash}(.*)$/.  From there, I update the control packet
> $RAD_CHECK{NT-Password} = $1.  And then it returns OK.


> It looks like the ldap module rejects the password and doesn't store it
> in the User-Password or NT-Password field.

  I don't see why.  It should be able to read *anything* from the ldap
password field, and put it into the RADIUS password attribute.

  Alan DeKok.

More information about the Freeradius-Users mailing list