Check LDAP password with SHA512
Will W.
will at damagesinc.net
Tue Feb 2 21:00:01 CET 2016
OK, still having issues. I have the latest pull from this morning running on
CentOS 7.2.
It seems that I can only see it trying cleartext. Is there a way to get the
PAP module to a higher debug level so I can see what cipher it is trying
against the LDAP server?
Config file for default after putting in the changes
http://pastebin.com/Z7H3tjxm
Here is the output from radtest
http://pastebin.com/GfBkbFxY
On Thu, Jan 28, 2016 at 9:53 AM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>
> > On Jan 28, 2016, at 3:49 AM, Will W. <will at damagesinc.net> wrote:
> >
> > OK this is getting fun, two systems up, the first one I get working wins.
> >
> > - original system: SEL 12.1 Freeradius install via repo binaries 3.0.4
> > I'm familiar with 2.x but 3.x has a few differences.
> > I am guessing that this needs to be changed in
> > /etc/raddb/sites-enabled/default
> > Emailing from my phone is a bit painful.
> >
> > -second system after getting the email about Freeradius 3.1.0 with patch
> > for crypt. Ubuntu x86_64 14.04 cloned from github about three hours ago.
> > Freeradius 3.1.0
> > Still trying to figure out what is wrong with my /dev/urandom file set in
> > /etc/freeradius/mods-enabled/ldap
> >
> > Seems like on both RHEL 7.x and Ubuntu 14.04 when I compile from source and
> > run either freeradius -X the first thing that it complained about was:
> > random_file = /dev/urandom is world writable. Quick chmod 644 and then I
> > get an unknown error trying to set the random_file.
> >
> > Is there a fix for this?
>
> Unknown error means ldap_set_option returned an error without setting an error
> on the ldap handle.
>
> Reading through the OpenLDAP code, it seems that this particular option is only
> available as a global, so we're not allowed to pass in an ldap handle.
>
> This is undocumented behaviour.
>
> I'll push a fix.
>
> As for module ordering, edit sites-available/default
>
> Remove everything from the authorize section, and just list the modules
>
> ldap
> pap
>
> in that order.
>
> Remove everything from the auth section, and just list pap.
>
> It should work.
>
> -Arran