Issues getting SLES11 FreeRadius working with eDirectory
Michael Ströder
michael at stroeder.com
Fri Apr 10 15:16:34 CEST 2015
Brian Boere wrote:
> Chris, I have added the "edir = yes" (also found some information about
> also adding edir_autz = yes) and it did not make a difference.

AFAIK edir = yes uses a Novell-specific LDAP extended operation for extracting
the Universal Password from eDirectory as clear-text.

Not sure whether your security policy allows that. Personally I'd recommend
not to use it. But that's me.

Special admin rights are needed in eDirectory for the FreeRADIUS system user
to be allowed to do that.

IIRC you also must use an encrypted LDAP connection (LDAPS or StartTLS ext
op.) when using this particular LDAP extended operation. That's probably what
Christopher meant by "Modify the port you connect to eDirectory [..]".

Ciao, Michael.