> On Sat, Mar 10, 2012 at 5:29 AM,  <u...@3.am> wrote:
>>> So to save lots of time and configuration problem: does your LDAP
>>> store user passwords in clear text or any "common" hash (e.g. md5,
>>> unix)? If yes, AND you know what the LDAP attribute is, you don't even
>>> need an LDAP section in authenticate.
>>
>> Mostly crypt, but I've seen a few SSHA hashes.  I know the ldap attribute as
>> well.  Assuming those hashes are "common" enough, what do I need to do?
>
> If the hash is supported (see
> http://wiki.freeradius.org/Protocol%20Compatibility), you only need
> to make sure FR sees it in the right place. See ldap.attrmap.

Both hashes are supported, thanks for the link.  I assume I need to define
something to map to, as well?  Like this:

raddb/dictionary:  ATTRIBUTE        userPassword   3004        string

raddb/ldap.attrmap:  checkItem   User-Password          userPassword

Then I just noticed this in the ldap module (which we have in the radiusd.conf):

                # password_attribute = userPassword

Do I understand correctly that I can just uncomment that and not define anything
in the dictionary or ldap.attrmap?

Again, thanks!


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
