Check LDAP password with SHA512
Alan DeKok
aland at deployingradius.com
Tue Feb 2 21:54:09 CET 2016
On Feb 2, 2016, at 3:45 PM, Will W. <will at damagesinc.net> wrote:
>
> it is the radiusd -X out of the radtest; here are the fail and success

This ends up not being complicated. Reading the debug output helps.

> Success
...
> rlm_ldap (ldap) - Bind successful
> (1) ldap (updated)
> (1) pap - Converted: Password-With-Header -> Crypt-Password

That's clear.

> Fail
...
> (0) ldap - User object found at DN "uid=user,ou=Users,dc=myhost,dc=com"
> (0) ldap - Processing user attributes
> (0) ldap - WARNING: No "known good" password added. Set 'identity' to
> the dn of an account that has permission to read the user's password
> attribute

If only the server produced useful error messages.

This isn't rocket science. For the "success" case, the user has a password in LDAP. For the "fail" case, the user doesn't have a password in LDAP. Or, the user doesn't have permission to read the password.

Have you tried checking the user entries in LDAP?

Alan DeKok.
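
The debug-output reading described in the message above, as an added example that is not part of the original post or of FreeRADIUS: a Python script that groups `radiusd -X` lines by request number and flags requests where the ldap module added no "known good" password. The sample input is constructed from the lines quoted above, and the function name `triage`, the dictionary keys and the status labels are assumptions.

```python
import re

# Constructed sample: the lines quoted in the message above, with the wrapped
# warning joined back onto one line.
SAMPLE_DEBUG = """\
(0) ldap - User object found at DN "uid=user,ou=Users,dc=myhost,dc=com"
(0) ldap - Processing user attributes
(0) ldap - WARNING: No "known good" password added. Set 'identity' to the dn of an account that has permission to read the user's password attribute
rlm_ldap (ldap) - Bind successful
(1) ldap (updated)
(1) pap - Converted: Password-With-Header -> Crypt-Password
"""

REQUEST_LINE = re.compile(r"^\((\d+)\)\s+(.*)$")
DN_FOUND = re.compile(r'User object found at DN "([^"]+)"')
CONVERTED = re.compile(r"Converted: Password-With-Header -> (\S+)")
NO_PASSWORD = 'No "known good" password added'


def triage(debug_text):
    """Group debug lines by request number and classify each request."""
    requests = {}
    for raw in debug_text.splitlines():
        line = raw.lstrip("> ").strip()  # also accept mail-quoted output
        m = REQUEST_LINE.match(line)
        if not m:
            continue  # lines without "(N)" are not tied to a request
        req = requests.setdefault(
            int(m.group(1)), {"dn": None, "status": "unknown", "password_attr": None})
        body = m.group(2)
        if (dn := DN_FOUND.search(body)):
            req["dn"] = dn.group(1)
        if NO_PASSWORD in body:
            # Either the entry has no password, or the account the server
            # binds as ('identity') cannot read the password attribute.
            req["status"] = "no_known_good_password"
        elif (conv := CONVERTED.search(body)):
            req["status"] = "password_found"
            req["password_attr"] = conv.group(1)
    return requests


if __name__ == "__main__":
    for number, finding in sorted(triage(SAMPLE_DEBUG).items()):
        print(number, finding["status"], finding["dn"] or "-", finding["password_attr"] or "-")
```

For any request reported as `no_known_good_password`, the DN it prints is the LDAP entry to check, both for a stored password and for read access by the configured `identity`.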