EAP-TTLS/PAP with OpenLDAP user store

Fajar A. Nugraha list at fajar.net
Wed Mar 7 01:58:00 CET 2012


On Wed, Mar 7, 2012 at 3:09 AM, Stefano Zanmarchi <zanmarchi at gmail.com> wrote:
> On Tue, Mar 6, 2012 at 8:00 PM, Fajar A. Nugraha <list at fajar.net> wrote:
>>> Instead, you should find out which LDAP attribute stores your
>>> MD5-password, add the correct mapping to ldap.attrmap, and leave
>>> Auth-Type section commented-out.
>
> Hi Fajar,
> thank you for your kind answers, I'll try that out.
> One thing still isn't clear to me though. Since the LDAP "userPassword"
> contains the hashed password, how can freeradius use ldap.attrmap to
> perform authentication? I thought it could only try to bind as the user.

I assume you've seen http://wiki.freeradius.org/Rlm_ldap ?

Basically you need to determine:
- which LDAP attribute stores the password (e.g. userPassword? something else?)
- does the attribute store the password with a header (e.g. {md5})?
- is the mapping in ldap.attrmap correct?

-- 
Fajar
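
An added example, not part of the original post and not FreeRADIUS code: with PAP the server holds the user's cleartext password, so a stored value with a header such as {MD5} can be checked by hashing the cleartext and comparing, without binding as the user. The sketch reads a `userPassword` line in LDIF form, reports the header, and verifies a password; the function names, the sample password and the choice to treat a header-less value as cleartext are assumptions.

```python
import base64, hashlib, hmac, re

# scheme -> (hash name, salted?); salted values carry the salt after the digest
SCHEMES = {"MD5": ("md5", False), "SMD5": ("md5", True),
           "SHA": ("sha1", False), "SSHA": ("sha1", True)}

def ldif_value(line):
    """Return the attribute value of one LDIF line ('::' marks base64)."""
    _name, _sep, rest = line.partition(":")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8")
    return rest.strip()

def split_header(value):
    """Split '{scheme}data' into (SCHEME, data); SCHEME is None if no header."""
    m = re.fullmatch(r"\{([A-Za-z0-9-]+)\}(.*)", value, re.S)
    return (m.group(1).upper(), m.group(2)) if m else (None, value)

def check_password(stored, cleartext):
    """Compare the cleartext from PAP with a stored userPassword value."""
    scheme, data = split_header(stored)
    if scheme is None:  # assumption: a value without header is cleartext
        return hmac.compare_digest(stored.encode(), cleartext.encode())
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    algo, salted = SCHEMES[scheme]
    blob = base64.b64decode(data)
    size = hashlib.new(algo).digest_size
    digest, salt = blob[:size], blob[size:]
    if len(digest) < size or salted != bool(salt):
        return False  # truncated digest, or salt presence contradicts scheme
    calc = hashlib.new(algo, cleartext.encode() + salt).digest()
    return hmac.compare_digest(digest, calc)

# Constructed sample: {MD5} of the made-up password "secret", as the
# base64-encoded LDIF line ldapsearch typically prints for userPassword.
STORED = "{MD5}" + base64.b64encode(hashlib.md5(b"secret").digest()).decode()
SAMPLE_LDIF = "userPassword:: " + base64.b64encode(STORED.encode()).decode()

if __name__ == "__main__":
    value = ldif_value(SAMPLE_LDIF)
    print(split_header(value)[0], check_password(value, "secret"))
```

The double colon in the LDIF line means the value is base64-encoded, so the header only becomes visible after decoding it once.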


More information about the Freeradius-Users mailing list