Re: OpenLDAP / FreeRADIUS / Cisco 5350 problem

"Douglas G. Phillips" <csdgp@eiu.edu> wrote:
> Our LDAP server is using crypted passwords at the moment.

RADIUS clients can use PAP. Nothing else.

> The problem is this: If I pass the radtest client a clear-text password,
> authentication is successful. If either I pass the client an encrypted
> password (copied from the logs)

That won't work. The server will interpret the User-Password attribute as the clear-text password, because that's the definition of User-Password. There are no provisions in RADIUS for passing crypt'd passwords in a RADIUS packet.

> ... or point the 5350 at the radius server, it doesn't work.

I don't see why.

> Here is the configuration (comments omitted to save space). I have
> tried with the password_header both set to {CRYPT} and commented out.

That tells the LDAP module how to interpret the password it gets from the LDAP server. It doesn't tell FreeRADIUS to treat User-Password as a crypt'd password.

The documentation for the LDAP module makes the first point clear.

Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
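
The behaviour described in the reply above, as an added example that is not part of the original post or FreeRADIUS code: the PAP User-Password attribute is hidden per RFC 2865 section 5.2, the server recovers the clear-text and hashes it itself, so sending the stored hash as the password fails. The shared secret, password, salt and `stand_in_crypt` (salted SHA-256 standing in for crypt(3)) are constructed assumptions.

```python
import hashlib
import hmac

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-octet blocks, XOR each with MD5(secret + previous)."""
    blocks = max(1, -(-len(password) // 16))
    padded = password.ljust(16 * blocks, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding and strip the NUL padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")

def stand_in_crypt(password: bytes, salt: bytes) -> str:
    """Assumption: salted SHA-256 in place of the real {CRYPT} algorithm."""
    return salt.hex() + "$" + hashlib.sha256(salt + password).hexdigest()

def server_accepts(hidden: bytes, secret: bytes, authenticator: bytes, stored: str) -> bool:
    """Treat User-Password as clear-text, hash it, compare with the directory value."""
    cleartext = recover_password(hidden, secret, authenticator)
    salt = bytes.fromhex(stored.split("$", 1)[0])
    return hmac.compare_digest(stand_in_crypt(cleartext, salt), stored)

def demo():
    # Constructed sample values, not taken from the thread.
    secret, authenticator, salt = b"testing123", bytes(range(16)), b"\x01\x02"
    stored = stand_in_crypt(b"s3cret-pass", salt)   # what LDAP would hold
    clear = hide_password(b"s3cret-pass", secret, authenticator)
    hashed = hide_password(stored.encode(), secret, authenticator)
    # Clear-text input verifies; the stored hash sent as the password does not.
    return (server_accepts(clear, secret, authenticator, stored),
            server_accepts(hashed, secret, authenticator, stored))

if __name__ == "__main__":
    print(demo())
```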