Check LDAP password with SHA512
aland at deployingradius.com
Tue Feb 2 21:54:09 CET 2016
On Feb 2, 2016, at 3:45 PM, Will W. <will at damagesinc.net> wrote:
> it is the radiusd -X out of the radtest here are the fail and success
This ends up not being complicated. Reading the debug output helps.
> rlm_ldap (ldap) - Bind successful
> (1) ldap (updated)
> (1) pap - Converted: Password-With-Header -> Crypt-Password
> (0) ldap - User object found at DN "uid=user,ou=Users,dc=myhost,dc=com"
> (0) ldap - Processing user attributes
> (0) ldap - WARNING: No "known good" password added. Set 'identity' to
> the dn of an account that has permission to read the user's password
If only the server produced useful error messages.
This isn't rocket science. For the "success" case, the user has a password in LDAP. For the "fail" case, the user doesn't have a password in LDAP. Or, the user doesn't have permission to read the password.
Have you tried checking the user entries in LDAP?
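
The reading of the debug output described above can be applied per request. The Python below is an added example, not code from the thread or from the FreeRADIUS project: it tags each request in `radiusd -X` output by whether LDAP supplied a "known good" password. The sample lines are constructed from the excerpts quoted in the message, and the verdict names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the radiusd -X excerpts quoted in the thread.
# Request numbers, ordering and the joined WARNING line are illustrative.
SAMPLE = """\
(0) ldap - User object found at DN "uid=user,ou=Users,dc=myhost,dc=com"
(0) ldap - Processing user attributes
(0) ldap - WARNING: No "known good" password added. Set 'identity' to the dn of an account that has permission to read the user's password
(1) ldap - User object found at DN "uid=user,ou=Users,dc=myhost,dc=com"
(1) ldap (updated)
(1) pap - Converted: Password-With-Header -> Crypt-Password
"""

# "(<request id>) <module> [- ]<message>"
LINE = re.compile(r"^\((\d+)\)\s+(\w+)\s+(?:-\s+)?(.*)$")


def triage(debug_text):
    """Map each request id to a verdict (verdict names are hypothetical)."""
    flags = defaultdict(set)
    for raw in debug_text.splitlines():
        # Accept lines pasted from e-mail by dropping any "> " quote prefix.
        m = LINE.match(raw.lstrip("> \t").rstrip())
        if not m:
            continue  # wrapped continuation lines and global messages
        req, module, msg = int(m.group(1)), m.group(2), m.group(3)
        if module == "ldap" and msg.startswith("User object found"):
            flags[req].add("found")
        elif module == "ldap" and 'No "known good" password added' in msg:
            flags[req].add("no_password")
        elif module == "pap" and msg.startswith("Converted:"):
            flags[req].add("converted")

    verdicts = {}
    for req, seen in sorted(flags.items()):
        if "no_password" in seen:
            # Entry has no password attribute, or the bind identity cannot read it.
            verdicts[req] = "NO_PASSWORD_FROM_LDAP"
        elif "converted" in seen:
            verdicts[req] = "PASSWORD_READ_FROM_LDAP"
        else:
            verdicts[req] = "INCONCLUSIVE"
    return verdicts


if __name__ == "__main__":
    for req, verdict in triage(SAMPLE).items():
        print(f"request {req}: {verdict}")
```
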