Re: Another LDAP/RADIUS integration problem.

2010-07-29 Thread Alan DeKok
Tom Leach wrote: Grr, off on a goose chase. Problem isn't in rlm_pap.c, but rlm_ldap.c. rlm_ldap only likes the Cleartext-Password and User-Password attributes. Yes... the message you posted clearly shows it's output from the LDAP module. Would it be a bad thing to patch rlm_ldap.c to

Re: Another LDAP/RADIUS integration problem.

2010-07-28 Thread Tom Leach
correctly? [ldap-server1] user testuser authorized to use remote access Date: Tue, 27 Jul 2010 09:00:23 +0200 From: Alan DeKok al...@deployingradius.com Subject: Re: Another LDAP/RADIUS integration problem. To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID

Re: Another LDAP/RADIUS integration problem.

2010-07-27 Thread Alan DeKok
Tom Leach wrote: Alan, I changed the ldap.attrmap file from checkItem Crypt-Password userPassword to checkItem User-Password userPassword and it's authenticating now, but I now have a new message in the debug output and I'm not sure if it's a problem, suggestion, or otherwise. It's a

Re: Another LDAP/RADIUS integration problem.

2010-07-26 Thread Tom Leach
Alan, I changed the ldap.attrmap file from checkItem Crypt-Password userPassword to checkItem User-Password userPassword and it's authenticating now, but I now have a new message in the debug output and I'm not sure if it's a problem, suggestion, or otherwise. I can't change the LDAP

Another LDAP/RADIUS integration problem.

2010-07-23 Thread Tom Leach
OK, I had LDAP 'working' but radiusd -X was showing the old 'WARNING: No known good password was found in LDAP' errors. Ignoring much of the 'wisdom' on other sites to just ignore the error, I'm trying to squash all errors from the -X output. It was failing because the bind failed (due to a

Re: Another LDAP/RADIUS integration problem.

2010-07-23 Thread Alan DeKok
Tom Leach wrote: To correct the bind problem, I added an ACL to the directory to allow 'uid=admin,o=radtree' to access the userPassword attribute, then configured the ldap module to use 'uid=admin,o=radtree' as the identity and 'secret' as the password. Now the bind succeeds, the -X output

Re: Another LDAP/RADIUS integration problem.

2010-07-23 Thread John Dennis
On 07/23/2010 02:59 PM, Alan DeKok wrote: Tom Leach wrote: To correct the bind problem, I added an ACL to the directory to allow 'uid=admin,o=radtree' to access the userPassword attribute, then configured the ldap module to use 'uid=admin,o=radtree' as the identity and 'secret' as the password.

Re: Another LDAP/RADIUS integration problem.

2010-07-23 Thread Alan DeKok
John Dennis wrote: Just from looking at the rlm_ldap code (not actual testing) I thought if auto_header was set to True in the ldap config then rlm_ldap after looking up the configured password attribute would perform the steps you describe above. (strip the hash prefix and add a new attribute