> On Sat, Mar 10, 2012 at 5:29 AM, <u...@3.am> wrote: >>> So to save lots of time and configuration problem: does your LDAP >>> store user passwords in clear text or any "common" hash (e.g. md5, >>> unix)? If yes, AND you know what the LDAP attribute is, you don't even >>> need an LDAP section in authenticate. >> >> Mostly crypt, but I've seen a few SSHA hashes. I know the ldap attribute as >> well. Assuming those hashes are "common" enough, what do I need to do? > > If the hash is supported (see > http://wiki.freeradius.org/Protocol%20Compatibility) , you only need > to make sure FR sees it in the right place. See ldap.atrmap.
Both hashes are supported, thanks for the link. I assume I need to define something to map to, as well? Like this: raddb/dictionary: ATTRIBUTE userPassword 3004 string raddb/ldap.attrmap: checkItem User-Password userPassword Then I just noticed this in the ldap module (which we have in the radiusd.conf): # password_attribute = userPassword Do I understand correctly that I can just uncomment that and not define anything in the dictionary or ldap.attrmap? Again, thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html