This is a discussion on Re: OpenLDAP / FreeRADIUS / Cisco 5350 problem within the FreeRADIUS Users forums, part of the Networking and Network Related category.
Hello Douglas,

The password that you try to resend is not the encrypted password; it's an ASCII representation of your encrypted password. I assume that you need to activate the chap (or pap with an encryption_scheme = crypt) module to be able to authenticate this request. I don't know about LDAP, but I authenticate this kind of encrypted password with mysql using a scheme like this:

modules {
    [...]
    pap {
        encryption_scheme = crypt
    }
    [...]
    chap {
        authtype = CHAP
    }
    [...]
}

authorize {
    preprocess
    auth_log
    chap
    suffix
    # I'm using MySQL instead of LDAP ...
    sql
}

authenticate {
    Auth-Type LDAP {
        ldap
    }
    Auth-Type CHAP {
        chap
    }
}

Hope this can help you.

>I'm running into an issue here, and I can't seem to find the forest for
>the trees. I'm probably overlooking something obvious, and am not
>searching correctly for the problem.
>
>Our LDAP server is using crypted passwords at the moment.
>
>The router is a cisco 5350. RADIUS is FreeRADIUS 1.0.1-2 on Debian
>Sarge.
>
>The problem is this: If I pass the radtest client a clear-text password,
>authentication is successful. If either I pass the client an encrypted
>password (copied from the logs) or point the 5350 at the radius server,
>it doesn't work. I verified that the shared secret is correctly matched
>with what is in the router.
>
>Here is a sample of the password that is being passed:
>
>User-Password = "\240d\351E\3737\025\022\0227,(rest removed)"
>
>Here is the configuration (comments omitted to save space). I have
>tried with the password_header both set to {CRYPT} and commented out.
>
>ldap {
>    server = "*******"
>    identity = ********
>    password = ********
>    basedn = "ou=people,dc=eiu,dc=edu"
>    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>    dictionary_mapping = ${raddbdir}/ldap.attrmap
>    ldap_connections_number = 5
>    password_header = "{CRYPT}"
>    timeout = 4
>    timelimit = 3
>    net_timeout = 1
>}
>
>authorize {
>    preprocess
>    auth_log
>    suffix
>    ldap
>}
>
>authenticate {
>    Auth-Type LDAP {
>        ldap
>    }
>}
>
>Any ideas?
>
>Thanks.