Check LDAP password with SHA512
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Thu Jan 28 18:53:35 CET 2016
> On Jan 28, 2016, at 3:49 AM, Will W. <will at damagesinc.net> wrote:
>
> OK this is getting fun, two systems up, the first one I get working wins.
>
> - original system: SEL 12.1 Freeradius install via repo binaries 3.0.4
> I'm familiar with 2.x but 3.x has a few differences.
> I am guessing that this needs to be changed in
> /etc/raddb/sites-enabled/default
> Emailing from my phone is a bit painful.
>
> -second system after getting the email about Freeradius 3.1.0 with patch
> for crypt. Ubuntu x86_64 14.04 cloned from github about three hours ago.
> Freeradius 3.1.0
> Still trying to figure out what is wrong with my /dev/urandom file set in
> /etc/freeradius/mods-enabled/ldap
>
> Seems like on both RHEL 7.x and Ubuntu 14.04 when I compile from source and
> run either freeradius -X the first thing that it complained about was:
> random_file = /dev/urandom is world writable. Quick chmod 644 and then I
> get an unknown error trying to set the random_file.
>
> Is there a fix for this?

Unknown error means ldap_set_option returned an error without setting an error
on the ldap handle.

Reading through the OpenLDAP code, it seems that this particular option is only
available as a global, so we're not allowed to pass in an ldap handle.

This is undocumented behaviour.

I'll push a fix.

As for module ordering, edit sites-available/default

Remove everything from the authorize section, and just list the modules

ldap
pap

in that order.

Remove everything from the auth section, and just list pap.

It should work.

-Arran
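
A small lint for the module ordering described in the reply above, added here as an example (it is not part of the original message or of FreeRADIUS). The sample configuration and the function names `section_modules` and `check_order` are constructed for illustration, and the parser is simplified: it assumes no `#` or braces inside quoted strings.

```python
import re

# Constructed sample of sites-available/default after the edit described above.
SAMPLE = """
server default {
    authorize {
        ldap    # fetches the user's stored password hash from the directory
        pap     # recognises the hash format and sets Auth-Type to PAP
    }
    authenticate {
        pap     # compares the submitted password against the stored hash
    }
}
"""

def section_modules(text, name):
    """Return bare module names inside section `name`, or None if it is absent.

    Simplified: assumes no '#' or braces inside quoted strings.
    """
    text = re.sub(r"#.*", "", text)                      # drop comments
    m = re.search(r"(?m)^\s*%s\s*\{" % re.escape(name), text)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(text) and depth:                       # find matching brace
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    if depth:
        raise ValueError("unbalanced braces in section %r" % name)
    lines = (ln.strip() for ln in text[m.end():i - 1].splitlines())
    return [ln for ln in lines if re.fullmatch(r"[\w.-]+", ln)]

def check_order(text):
    """Return a list of problems; an empty list means the layout matches."""
    problems = []
    authz = section_modules(text, "authorize") or []
    authn = section_modules(text, "authenticate") or []
    if "ldap" not in authz or "pap" not in authz:
        problems.append("authorize must list both ldap and pap")
    elif authz.index("ldap") > authz.index("pap"):
        problems.append("authorize lists pap before ldap")
    if "pap" not in authn:
        problems.append("authenticate does not list pap")
    return problems

if __name__ == "__main__":
    print(check_order(SAMPLE) or "ordering OK")
```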