Help: FreeRadius Users with multiple passwords

Duong Manh Truong ngoahotanglongbk at gmail.com
Mon Nov 21 02:52:28 CET 2011


What i did is that: With each user (Uid) , i created multiple "userpassword
attribute" values,

then, while authenticating, OpenLDAP will compare the input password with
all the created password values --one by one

If the input matched any one of the created pass => Access - Accept

I also know that my scenario is somehow strange and not good, but it is
really what i need!

My policy is : with 1 user, just sends one pass in the "password pool"  for
his authentication becoming successfully
(Access - Accept)

Regards!

Vào 22:31 Ngày 18 tháng 11 năm 2011, John Dennis <jdennis at redhat.com> đã
viết:

On 11/18/2011 06:20 AM, Duong Manh Truong wrote:
>
>> Hi,
>> Thanks for your reply :)
>>
>> I have a better news that: By using OpenLDAP for FR Authen & Authorization
>> => I can configure multiple passwords for each user (Uid)
>> and use 1 of those passwords for successfully Authentication!
>>
>> Although it is done manually now, but somehow it solves the matter !
>>
>> If anyone have experienced this, please give some advices !
>> Example: How to do it automatically or
>> How to create a pool of passwords then use the pool for multiple users :)
>>
>
> Not exactly sure what you did, ldap does have the concept of multi-valued
> attributes but that won't be of any use to you even if you set multiple
> values for one attribute type (e.g. name). Why? The radius server can only
> use one password for a user, not exactly sure what it will do if it get
> more than one back from ldap, I assume it just picks the first one (where
> first is probably non-deterministic).
>
> The bottom line is there must be a one-to-one mapping between users and
> passwords. User's should have just one password, this is good practice. If
> you want to write custom code you can bypass the limitation but really
> really don't want to do that.
>
> Accept it as a given, 1 user, 1 password
>
> Also please be courteous and trim your emails of non-relevant text.
>
> --
> John Dennis <jdennis at redhat.com>
>
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111121/82f21474/attachment.html>


More information about the Freeradius-Users mailing list