Here is a sample user entry in LDAP:
dn: uid=Receiving,ou=People,dc=INTRANET
sambaPwdMustChange: 2147483647
cn: Receiving
uidNumber: 555
sambaPrimaryGroupSID: S-1-5-21-4070452498-3149834983-2923667569-1200
sambaAcctFlags: [U ]
gecos: Receiving
mail: [EMAIL PROTECTED]
sambaLMPassword: A4166518BE871F28AAD3Bblahblahb
uid: Receiving
homeDirectory: /home/Receiving
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgperson
objectClass: sambaSamAccount
gidNumber: 100
sambaNTPassword: B3B1D43229FDD7D46DA2110Dblahblah
sambaSID: S-1-5-21-4070452498-3149834983-2923667569-2110
sn: Receiving
givenName: Receiving
loginShell: /bin/bash
sambaPwdCanChange: 1087659021
sambaPwdLastSet: 1087659021
userPassword: {SMD5}blahblahblah
Some accounts have {crypt} for userPassword, some have
{SMD5} as you see there. I'd prefer, as that post had
stated, just to use sambaLMPassword and/or
sambaNTPassword.
thanks
--- "John H." <[EMAIL PROTECTED]> wrote:
> "On the LDAP server ensure also that the radius server
> can read all the posixAccount attributes
> (especially uid and userpassword)."
>
> As far as I know, this was verified with radtest,
> because you have to supply a user name and password.
>
> I said I was able to test with radtest, not
> radclient.
>
> As far as clear text goes, I am assuming this means
> unencrypted, which would defeat the purpose of why we
> are using LDAP. Samba's LDAP passwords (lmpassword and
> ntpassword) as well as userPassword, are all
> encrypted. Why would I want to deal with clear-text
> passwords?
>
> --- Alan DeKok <[EMAIL PROTECTED]> wrote:
>
> > "John H." <[EMAIL PROTECTED]> wrote:
> > > I didn't "go out of my way", I followed the
> > > documentation
> > >
> > > http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/radius.html
> > >
> > > that is EXACTLY what I used.
> >
> > It talks about using the "userPassword" attribute
> > in LDAP. You're not doing that.
> >
> > And you talked about following "some"
> > documentation. It was only after I asked you
> > pointedly WHAT documentation, did you say so. I
> > can't read your mind, and I don't know which
> > documentation you're following, until you say so.
> > All I knew is that whatever documentation you
> > claimed you were following wasn't included with
> > FreeRADIUS.
> >
> > And despite your claims of "following the
> > documentation", you clearly were not following the
> > documentation which DOES come with the server. I had
> > to ask you TWICE to run the server in debugging mode,
> > even though the documentation which comes with the
> > server clearly describes how to do so, and that it
> > strongly recommends you do so.
> >
> > So you followed documentation "somewhere on the
> > net", but not the documentation included with the
> > server. Can you explain why?
> >
> > You also edited the default "radiusd.conf", to
> > break it. Can you explain why?
> >
> > > As I said, I have never been treated so rudely and
> > > condescendingly on a mailing list simply for
> > > following documentation.
> >
> > Nonsense. You have:
> >
> > - sort of followed non-FreeRADIUS documentation
> > - haven't followed FreeRADIUS documentation
> > - resisted following my instructions on this list.
> >
> > If you're not going to follow the answers given on
> > this list, I don't see why you're asking questions
> > on this list.
> >
> > > I don't doubt I'm nearly at the end of my
> > > configuration for what I am trying to do...
> > > poptop/pptp works without radius plugin, freeradius
> > > works with ldap, but there is that user-password
> > > issue
> >
> > You said it worked with "radclient". I assume you
> > used PAP authentication. If you try the same user
> > with MS-CHAP, then it will work, unless you've gone
> > out of your way to break it again.
> >
> > Honestly, if PAP works for a user, then MS-CHAP
> > works, too. Trust me in this.
> >
> > > However, the closest thing to a solution they've
> > > mentioned is using "lm password", which I know to
> > > do, but I am trying to find out how to tell
> > > freeradius to auth to ldap object sambaLMPassword
> > > and sambaNTPassword, which I have been unable to
> > > do, even after, as suggested, modifying
> > > ldapattr.map.
> >
> > Try a clear-text password, like it suggests in the
> > documentation on the web page you claimed you were
> > following.
> >
> > Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
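An added example, not part of the original thread and not FreeRADIUS code: a Python check of which RADIUS authentication methods an LDAP entry like the one posted can support, given how its password attributes are stored. The sample entry and its hash values are constructed placeholders, and the function names are hypothetical.

```python
import base64
import re

# Constructed sample modelled on the entry posted above; hash values are placeholders.
SAMPLE_LDIF = """\
dn: uid=Receiving,ou=People,dc=INTRANET
objectClass: posixAccount
objectClass: sambaSamAccount
uid: Receiving
sambaSID:
 S-1-5-21-0-0-0-2110
sambaLMPassword: 00000000000000000000000000000000
sambaNTPassword: 11111111111111111111111111111111
userPassword: {SMD5}placeholderplaceholder
"""

HEX32 = re.compile(r"[0-9A-Fa-f]{32}")  # LM and NT hashes are 32 hex digits


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr: [values]}, unfolding wrapped lines."""
    entry = {}
    for line in text.replace("\n ", "").splitlines():  # leading space = continuation
        if not line.strip() or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: ..." carries a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry


def password_scheme(value):
    """Return the {SCHEME} prefix of a userPassword value, or CLEARTEXT if none."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}", value)
    return m.group(1).upper() if m else "CLEARTEXT"


def usable_methods(entry):
    """Which RADIUS authentication methods the stored credentials can verify."""
    schemes = {password_scheme(v) for v in entry.get("userpassword", [])}
    cleartext = "CLEARTEXT" in schemes
    nt = any(HEX32.fullmatch(v) for v in entry.get("sambantpassword", []))
    lm = any(HEX32.fullmatch(v) for v in entry.get("sambalmpassword", []))
    return {
        "PAP": bool(schemes) or nt or lm,  # server hashes the supplied password and compares
        "CHAP": cleartext,                 # challenge hash needs the clear-text password
        "MS-CHAP": cleartext or nt,        # response is derived from the NT hash
        "lm_hash_stored": lm,              # LM hashes are weak; drop them if unused
    }
```
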