This is a discussion on Re: ldap passwords? within the FreeRADIUS Users forums, part of the Networking and Network Related category.
You need to change password_radius_attribute to Crypt-Password. It
defaults to clear password type (User-Password).

Ivan Kalik
Kalik Informatika ISP

On 6/3/2007, "Tim Tyler" <tyler@beloit.edu> wrote:

>Ivan,
>   Sorry to bother you again. Where should I
>apply the Crypt-Password? Should I apply it in
>radiusd.conf or in the ldap.attrmap file?
>   What line were you referring to?
>   My ldap database stores the password in
>userPassword field. I assume that I should
>keep password_attribute = userPassword in the radiusd.conf file, correct?
>Tim
>
>At 04:51 PM 3/5/2007, you wrote:
>>Use Crypt-Password not User-Password.
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>
>>On 5/3/2007, "Tim Tyler" <tyler@beloit.edu> wrote:
>>
>> > Freeradius experts,
>> >   I am trying to configure freeradius to use openldap as a backend
>> >for authentication, but I can't seem to get the passwords to
>> >authenticate. It seems to have no problem binding and finding the
>> >username (uid). I am using crypt passwords in the ldap userPassword field:
>> >userPassword:: e1NTSEF9aXBWQklEYnZYSU9RdWl2V0ZtdGR5MWxIWFFsZWVCMj Q=
>> >
>> >   I am not using any radius attributes. I simply want to allow any
>> >uid to authenticate. I get these results:
>> >
>> >rad_recv: Access-Request packet from host 144.89.40.8:59881, id=60, length=59
>> >         User-Name = "tylertj"
>> >         User-Password = "xxxxxx"
>> >         NAS-IP-Address = 255.255.255.255
>> >         NAS-Port = 1812
>> >rlm_ldap: - authorize
>> >rlm_ldap: performing user authorization for tylertj
>> >rlm_ldap: ldap_get_conn: Checking Id: 0
>> >rlm_ldap: ldap_get_conn: Got Id: 0
>> >rlm_ldap: (re)connect to ldap.beloit.edu:389, authentication 0
>> >rlm_ldap: setting TLS CACert File to /etc/openldap/cacerts/cacert.cer
>> >rlm_ldap: starting TLS
>> >rlm_ldap: bind as / to ldap.beloit.edu:389
>> >rlm_ldap: waiting for bind result ...
>> >rlm_ldap: Bind was successful
>> >rlm_ldap: looking for check items in directory...
>> >rlm_ldap: looking for reply items in directory...
>> >rlm_ldap: user tylertj authorized to use remote access
>> >rlm_ldap: ldap_release_conn: Release Id: 0
>> >rad_recv: Access-Request packet from host 144.89.40.8:59881, id=60, length=59
>> >Sending Access-Reject of id 60 to 144.89.40.8:59881
>> >
>> >
>> >   What might I be doing wrong? I presume that the ldap server
>> >doesn't have to store the passwords in plain text, correct? I can
>> >store them in md5 or SHA1 hash if I want, correct? I did uncomment:
>> >
>> >authenticate {
>> >         Auth-Type LDAP {
>> >                 ldap
>> >         }
>> >
>> >   Am I wrong to think this is now a password issue?
>> >Tim
>> >
>> >
>> >Tim Tyler
>> >Network Engineer - Beloit College
>> >tyler@beloit.edu
>> >
>>
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>Tim Tyler
>Network Engineer - Beloit College
>tyler@beloit.edu
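
The thread turns on which FreeRADIUS password attribute matches the way `userPassword` is stored. The following added example (not part of the thread and not FreeRADIUS code) decodes an LDIF `userPassword` line, reads its `{SCHEME}` header, and names the matching attribute. The function names, the mapping table and the sample value are constructed for illustration; attribute availability depends on the FreeRADIUS version.

```python
import base64
import hashlib
import hmac

# LDAP {SCHEME} header -> FreeRADIUS password attribute. The attribute names
# are FreeRADIUS dictionary names; this table is the example's assumption.
SCHEME_TO_ATTR = {
    "CRYPT": "Crypt-Password", "MD5": "MD5-Password", "SMD5": "SMD5-Password",
    "SHA": "SHA-Password", "SSHA": "SSHA-Password",
}

def parse_user_password(ldif_line):
    """Return (scheme, payload) for one LDIF userPassword line.
    'userPassword:: x' is base64-encoded by LDIF, 'userPassword: x' is literal.
    scheme is None when the stored value has no {SCHEME} header (cleartext).
    """
    name, sep, rest = ldif_line.partition(":")
    if not sep or name.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line")
    if rest.startswith(":"):
        value = base64.b64decode(rest[1:].strip(), validate=True).decode("utf-8")
    else:
        value = rest.strip()
    if value.startswith("{") and "}" in value:
        scheme, payload = value[1:].split("}", 1)
        return scheme.upper(), payload
    return None, value

def radius_attribute(scheme):
    """Attribute to map the LDAP value to; User-Password is the clear type."""
    if scheme is None:
        return "User-Password"
    return SCHEME_TO_ATTR[scheme]  # KeyError: scheme not covered by the table

def check_ssha(payload, candidate):
    """Check a candidate against an {SSHA} payload: base64(SHA1(pw+salt)+salt)."""
    raw = base64.b64decode(payload, validate=True)
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(digest, hashlib.sha1(candidate.encode() + salt).digest())

def make_sample_line(password, salt):
    """Constructed sample: an LDIF line holding an {SSHA} hash of `password`."""
    inner = base64.b64encode(hashlib.sha1(password.encode() + salt).digest() + salt)
    return "userPassword:: " + base64.b64encode(b"{SSHA}" + inner).decode()

if __name__ == "__main__":
    line = make_sample_line("constructed-pass", b"\x01\x02\x03\x04")
    scheme, payload = parse_user_password(line)
    print(scheme, radius_attribute(scheme), check_ssha(payload, "constructed-pass"))
```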