Check LDAP password with SHA512
Alan DeKok
aland at deployingradius.com
Wed Jan 27 20:01:50 CET 2016
On Jan 27, 2016, at 1:56 PM, Will W. <will at damagesinc.net> wrote:
> There are multiple ldap hosts behind a load balancer, think the ldap genies are doing maintenance, so nice that they do that with out sending out an e-mail or something to do with the following:
That is not good. The idea of a database is to be available. If it's randomly not available due to load balancer issues... that should be fixed.
> output of radtest demouser testing123 localhost 0 testing123
OK...
> (1) ldap : User object found at DN "uid=demouser,ou=Users,dc=myhost,dc=com"
> (1) ldap : Processing user attributes
> (1) WARNING: ldap : No "known good" password added. Ensure the admin user has permission to read the password attribute
> (1) WARNING: ldap : PAP authentication will *NOT* work with Active Directory (if that is what you were trying to configure)
Again, those messages should be clear.
Fix LDAP so that it returns results. Or, have the search done via an administrative user.
Alan DeKok.
More information about the Freeradius-Users
mailing list